wan wide area network the internet at large the outside
play

WANWide Area Network. The internet at large, the outside. LANLocal - PDF document

Nov 12, 2023 •545 likes •624 views

Typical Network Topology SOHO Firewalls WAN 2006-11-25 (Internet) What is it: Networks and Firewalls / Routers firewall/ DMZ router Typical Network Topology LAN LAN LAN WANWide Area Network. The internet at large, the

  1. Typical Network Topology SOHO Firewalls WAN 2006-11-25 (Internet) What is it: Networks and Firewalls / Routers firewall/ DMZ router Typical Network Topology LAN LAN LAN • WAN—Wide Area Network. The internet at large, the “outside”. • LAN—Local Area Network. The internal network connecting all local computers. • DMZ—De-Militarised Zone. Physically seperate network segment used for servers which are accesssible from the “outside”. Not used for servers which are only internal. Data Flow SOHO Firewalls WAN (Internet) 2006-11-25 What is it: Networks and Firewalls / Routers DMZ Data Flow LAN • LAN: can access “outside” (=internet), perhaps with exceptions. Can access DMZ. • WAN: can only access DMZ server!! • DMZ: can access nothing (perhaps with well-reasoned exceptions), but especially not the “inside” LAN. • Many other policies are possible! • Arrows show the direction of the originating request. Obviously, the answer has to go the other way. It’s important to keep connection state—to recognize answer packets.

  2. Firewall SOHO Firewalls 2006-11-25 What is it: Networks and Firewalls / Routers Firewall Enforces a security policy Is a packet filter Can be a proxy Can be a cache Firewall Router Forwards (routes) packets, otherwise same as firewall. • Proxies are better placed on separate hosts, though this depends also on resources, threat levels and value of what has to be protected “inside”. • Cache is also better placed on another host. Packets ’n Protocols SOHO Firewalls 2006-11-25 Nitty Gritty: Packets, Protocols and Services Data transfer on the internet happens in packets. Packet header/body IP – Internet Protocol Many sub-protocols to IP TCP – Transmission Control Protocol, TCP/IP Packets ’n Protocols uses 16-bit port numbers UDP – User Datagram Protocol uses 16-bit port numbers ICMP – Internet Control Message Protocol • TCP: Used by almost all commonly known services. • UDP: Used when no “connection state” is desirable. • ICMP: Used e.g. for “ping”: “echo request”, “‘echo response”; or “network unreachable” messages.

  3. IP Addresses SOHO Firewalls 2006-11-25 Nitty Gritty: Packets, Protocols and Services IP Address – Internet Protocol number Addresses the interface, not the computer 123.34.5.67 (4 numbers 0-255, 32 bit, IPv4, IP version 4) fe80::250:56ff:fec0:1 (128 bit, IPv6, IP version 6) Domain Names IP Addresses Are translated into IP numbers Used to make addressing more user-friendly Actual data transfers are always addressed by IP number • Mensch/Maschine: human: name, computer: number Services SOHO Firewalls 2006-11-25 Nitty Gritty: Packets, Protocols and Services Domain (DNS): name translation to IP number; 53/UDP, 53/TCP HTTP, www: web browsing; 80/TCP (HTTPS: 443/TCP) SMTP: email; 25/TCP IMAP: mail boxes; 143/TCP (IMAPS: 993/TCP) Services SSH: secure shell login; 22/TCP FTP: file transfer; 21/TCP, 20/TCP, other TCP DHCP: automatic host configuration; broadcast NFS: disk sharing; 2049/UDP, several others See /etc/services for number allocations • Name-to-address translation (name resolution) can also be achieved with the /etc/hosts file. • FTP uses dynamically allocated ports and needs special tracking code in packet filters. • DHCP: Returns IP number, gateway IP number, etc. on request. • NFS uses a number of ports and port ranges for its sub-parts. It even has a port-mapper service to keep track of it. Very difficult to filter. It is typically only used on LANs but not over WANs. • Services are provided by daemons. • Both TCP and UDP ports are allocated to a service, although mostly only one is used.

  4. Network Numbers SOHO Firewalls 2006-11-25 “Network” is a range of consecutive IP numbers determined Nitty Gritty: Packets, Protocols and Services by a “netmask” Netmask is used for a binary-AND operation (Boolean algebra) Broadcast address: the highest IP number of each network Network address: the lowest IP number of each network Network Numbers Broadcast and network addresses can not be used for host interfaces! “192.168.1.0/24” is a network with 256 numbers (8 bits) Named networks: /etc/networks Private networks, RFC1918 • Number of IPs in each network usable for host interfaces: two less than the number of IP numbers in the network. • RFC1918: http://www.ietf.org/rfc/rfc1918.txt 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 • Private networks are not to be routed over the internet! Their numbers can be re-used on each LAN. Firewall Software – Appliances SOHO Firewalls 2006-11-25 Putting it into practice: Software Firewall appliance software Need a dedicated PC to run on Provide full router functionality Extras like traffic shaping (bandwidth control), traffic graphs, automatic failover (for redundancy), proxies, service/protocol repeaters Easy configuration of all functions Firewall Software – Appliances Turn-key solution Examples: IPCop, pfSense, Endian Dedicated hardware box with embedded software Examples: Look in the shops • Very small hardware can be bought to install firewall appliance software on, but a retired PC is about as powerful and much cheaper. Of course it doesn’t have the geek factor, but the cost of the power for running it is much lower. • Demonstration/evaluation with VMware-server – Host-only networking – 3 network interfaces (vmnet1-3) – host: 3 class-C nets, e.g. 10.10.xyz.1; browse to 10.10.x.9 – guest: LAN: fixed IP, e.g. 10.10.x.9, peer is .x.1 WAN: DHCP

  5. IPCop SOHO Firewalls 2006-11-25 Putting it into practice: Software Linux-based 1 ; min: 64MB RAM, 300–500MB disk Runs on a PC Aimed at hobbyists Modem firmware upload No filtering of out-going packets IPCop Extension package support Automatic rule reload after every change 1 http://ipcop.org/ • Extension packages of variable quality; segfaults and blank screens possible. • Extension packages increase minimal system requirements. • Interfaces pfSense SOHO Firewalls 2006-11-25 Putting it into practice: Software Based on FreeBSD, monowall branch 2 min: 128 MB RAM, 200MB disk Runs on a PC or embedded system with only a flashcard Polished, enterprise-class product Redundant failover support (and no modem-firmware pfSense handling) Minimal internal logging support; use syslog server Sophisticated detailed rule setup 2 http://pfsense.org/ • Small ringbuffer RAM logging only: suitable for flashcard systems. • Extension packages increase minimal system requirements. • The BSD pf packet filter works differently to Linux iptables. Specifically, with NAT the destination port is not available for filter rules.

  6. SuSEfirewall2 SOHO Firewalls 2006-11-25 Putting it into practice: Software Ships with SUSE 4 ; scripts work with any Linux (iptables) Packet filter for desktop, server, or router Easily configurable through variable assignments in a well-commented config file Service-oriented configuration; handles NFS! SuSEfirewall2 Very good GUI with yast 4 http://download.opensuse.org/distribution/SL-10.1/inst-source/suse/ noarch/SuSEfirewall2-3.4_SVNr142-5.noarch.rpm • Supports multiple interfaces on LAN, DMZ, and (sort of) WAN. • Configuration is above the a-port-a-rule level. • Because it’s a shell script, modifications in a few places are much easier than starting over.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a

Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a

Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a large area such as a town, city or country. Describe the bus topology, Single main cable to which computers are connected. Data storage is measured

363 views • 3 slides
Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors Aranya Chakrabortty North Carolina State University, Raleigh, NC Information Trust Institute at UIUC 7 th October, 2011 Wide Area Measurements (WAMS)

973 views • 56 slides
LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power

LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power

LoRa Wireless Network for the Internet of Things Content 1) The Internet of Things 2) Low-Power Wide-Area Network (LPWAN) 3) LoRa Architecture Layers Limitations 4) Other LPWAN Technologies 5) Conclusion 2 The Internet of Things

10.73k views • 27 slides
Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet

Mobile Ad-hoc Network WIDE project/KEIO University ryuji@sfc.wide.ad.jp ToC Global Internet Connectivity MANET/NEMO integration IPv6 Support on MANET MANET on the Internet Where can MANET be deployed in our daily life?

564 views • 27 slides
WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a

WIDE updates Kenjiro Cho IIJ/WIDE Project August 1, 2012 Understanding Internet Dynamics from a Global View the Internet is an evolving open system no central point, no typical network or user complexity everywhere: topology, usage

608 views • 13 slides
Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Internet-Wide Network Studies Previous research has shown promise of Internet-wide surveys Mining

Fast Internet-Wide Scanning, ZMap Weak Keys and the HTTPS Certificate Ecosystem Zakir Durumeric Michael Bailey University of Michigan ZMap: Fast Internet-Wide Scanning, Weak Keys, and the HTTPS Certificate Ecosystem Zakir Durumeric

491 views • 46 slides
BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2

BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2

BUILDING A GLOBAL INTERNET OF THINGS NETWORK TOGETHER AGENDA LoRa 1 How it started 2 Building a global network Use Cases 3 How to join 4 5 Long Range Wide Area Network WIRELESS COMMUNICATION Suitable for Spotjfy, Netglix, Suitable

1.45k views • 29 slides
Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology

Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology

Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology Asian Institute of Technology Satellite network & IP Satellite network & IP Wide Area Coverage Wide Area Coverage Broadcast

901 views • 53 slides
H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning

H Healing Heartbleed li H bl d Vulnerability Mitigation with Internet wide Scanning Vulnerability Mitigation with Internet wide Scanning J. Alex Halderman Mining Your Ps and Qs: Widespread Weak Keys in Network Devices Nadia Heninger, Zakir

640 views • 53 slides
Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the

INTRODUCTION TO WEB DESIGN EHIMA PRINCE THE INTERNET AND THE WORLD WIDE WEB The Internet is the collection of huge network that is accessible to everyone and everywhere across the world. It connects millions of computers together globally,

338 views • 8 slides
Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon Weissman University of Minnesota Wide-Area Streaming Analytics Real-time analysis over large continuous data streams generated at the edge

316 views • 19 slides
Random Graphs Omid Etesami Large graphs World Wide Web Internet Social Networks

Random Graphs Omid Etesami Large graphs World Wide Web Internet Social Networks

Topics in Algorithms and Data Science Random Graphs Omid Etesami Large graphs World Wide Web Internet Social Networks Journal Citations Economics Journals Citations Random graphs Unlike traditional graph theory, we

1.18k views • 89 slides
4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and the Browser 4.3 What Browsers Can Do for Us 4.4 What is a Website? 4.5 Website Design 4.6 Other Creatures on the Web 4.7 Key Web Software

1.02k views • 97 slides
Wide-area Network (WAN) Environments & Open Systems Interconnection 818 West Diamond Avenue

Wide-area Network (WAN) Environments & Open Systems Interconnection 818 West Diamond Avenue

Wide-area Network (WAN) Environments & Open Systems Interconnection 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Introduction

344 views • 18 slides
Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of

Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of

Mobility Activity in WIDE Keio University/WIDE Ryuji Wakikawa ryuji@sfc.wide.ad.jp Goal of Mobility Society IPv6 AAA IP dynamic network: MANET Internet Technology IP Telephony: VoIP, SIP, ENUM IP Mobility: MIP, NEMO Cell Phone: W-CDMA,

328 views • 17 slides
Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh =

Mesh Networks | Hacking The T3lc0 Model http://arig.org.il What's a Mesh Anyway ? Mesh = topology. anything not a star / bus / ring / tree Nodes = routers, smart phones, cars anything wi-fi enabled Links = wireless connections

516 views • 25 slides
Addressing Technology Barriers Blurring the Lines Between IT and Simulation Brian Florek, MS

Addressing Technology Barriers Blurring the Lines Between IT and Simulation Brian Florek, MS

Addressing Technology Barriers Blurring the Lines Between IT and Simulation Brian Florek, MS EMT-P May 2018 brian@ssemse.net Disclosures Brian Florek not an employee of or affiliated with Laerdal Medical Corporation Brian Florek

806 views • 62 slides
SIGTRAN - An Introduction Tareque Hossain SS7 & SIGTRAN SS7 Stands for Signaling System

SIGTRAN - An Introduction Tareque Hossain SS7 & SIGTRAN SS7 Stands for Signaling System

SIGTRAN - An Introduction Tareque Hossain SS7 & SIGTRAN SS7 Stands for Signaling System No. 7 A set of telephony signaling protocols which are used to set up public switched telephone network calls throughout the world

833 views • 7 slides
Application of Quality of Service to Voice over IP Deployments RJ Atkinson Extreme Networks

Application of Quality of Service to Voice over IP Deployments RJ Atkinson Extreme Networks

Application of Quality of Service to Voice over IP Deployments RJ Atkinson Extreme Networks January 30, 2004 Abstract There is growing interest in deploying Voice over IP services , particularly within single enterprise environments. While

396 views • 10 slides
LE LEVE VERAGING TECH TECHNO NOLOGY GY TO TO IM IMPROVE IN INVESTIG IGATIO IONS A

LE LEVE VERAGING TECH TECHNO NOLOGY GY TO TO IM IMPROVE IN INVESTIG IGATIO IONS A

LE LEVE VERAGING TECH TECHNO NOLOGY GY TO TO IM IMPROVE IN INVESTIG IGATIO IONS A Comparison of Traditional Solutions and Recent Innovations TH THE PR PROBLEM LEM OVERVIEW Investigators spend an inordinate amount of time on a

815 views • 11 slides
1 FIRST Award Presenta2on Jerry Nissen, FIS Gary Lauk, Unisys Bill

1 FIRST Award Presenta2on Jerry Nissen, FIS Gary Lauk, Unisys Bill

1 FIRST Award Presenta2on Jerry Nissen, FIS Gary Lauk, Unisys Bill Thomas, OCCU FIS / Unisys - 3 rd Annual FIRST AWARD F ocus I nnova2on R esults FIRST AWARD S trategic T

187 views • 16 slides
Katherine Collier, Vice President National Data Integrity Sobeys Inc. Presented by: Presented by:

Katherine Collier, Vice President National Data Integrity Sobeys Inc. Presented by: Presented by:

Katherine Collier, Vice President National Data Integrity Sobeys Inc. Presented by: Presented by: Overview of Sobeys Inc. Sobeys operates over 1,300 corporate & franchised stores in 10 provinces, serving over 800 communities across

625 views • 9 slides
1 2 Barrels per day using Validere (000s/day) 1,000 600 300

1 2 Barrels per day using Validere (000s/day) 1,000 600 300

1 2 Barrels per day using Validere (000s/day) 1,000 600 300 2018 2016 2017 2019 2015

457 views • 22 slides

More recommend