Network and Security


Upload: inguen-hwang

Post on 14-Feb-2017


NW NW

1.OSI792. 113.,, 123.1 123.1.1 123.1.2 , 123.1.3 143.1.4 163.1.4.1 163.1.4.2 163.1.4.3 173.1.4.4 173.1.4.5 173.1.4.6 183.1.4.7 Multi-layer 183.1.4.8 VLAN183.1.4.8.1 VLAN 183.1.4.8.2 VLAN 203.1.4.8.3 VLAN 203.1.4.8.4 VoIP() VLAN223.1.5 ()233.1.5.1 , 233.1.5.2 233.1.5.3 233.1.5.4 233.1.5.5 243.1.5.6 273.1.5.7 293.1.5.8 293.1.5.9 303.1.6 303.1.7 313.1.8 PBX323.1.9 VPN333.1.10 SEM/SEIM383.1.11 Botnets,Bots393.1.12 Multi-layer protocol393.1.13 393.1.14 UTM403.2 403.2.1 403.2.2 403.2.2.1 FTP403.2.2.2 TFTP403.2.2.3 SNMP403.2.2.4 SMTP413.2.2.5 HTTP423.2.2.6 433.2.2.7 IRC443.2.2.8 MIME443.2.2.9 SOAP443.2.2.10 SASL443.2.2.11 SET453.3 453.3.1 453.3.2 453.3.2.1 ASCII463.3.2.2 EBCDIC463.3.2.3 TIFT463.3.2.4 JPEG463.3.2.5 MPEG463.3.2.6 MIDI463.3.3 &463.3.3.1 463.3.4 463.4 473.4.1 473.4.1.1 //473.4.1.2 473.4.1.3 473.4.2 &473.4.2.1 Java RMI483.4.2.2 Microsoft .NET483.4.3 483.4.3.1 NFS483.4.3.2 NetBIOS483.4.3.3 RPC483.4.3.4 RTP493.4.3.5 SOCKS513.4.3.6 SQL523.5 523.5.1 523.5.1.1 523.5.1.2 523.5.1.3 523.5.2 523.5.2.1 TCP523.5.2.2 UDP553.5.2.3 SCTP553.5.2.4 DCCP553.5.2.5 SPX563.5.2.6 SSL563.5.2.7 TLS573.5.3 573.5.3.1 SYN Flood(half-open) 573.5.3.2 583.5.3.3 583.5.3.4 tarpits583.5.3.5 583.5.3.6 TCP Wrapper583.5.3.7 VPN583.6 583.6.1 593.6.1.1 593.6.1.2 /593.6.2 593.6.2.1 IP593.6.2.2 IPv6(IPng)623.6.2.3 DHCP643.6.2.4 BOOTP653.6.2.5 ICMP653.6.2.6 IGMP663.6.2.7 Mobile IP663.6.2.8 VoIP/mVoIP673.6.2.9 DNS683.6.2.10 693.6.3 &723.6.3.1 723.6.3.2 NAT/PAT723.6.3.3 733.6.3.4 DMZ743.6.4 753.6.4.1 753.6.4.2 763.7 773.7.1 783.7.1.1 LLC 783.7.1.2 MAC783.7.1.3 783.7.1.4 Unicast,Broadcast,Multicast783.7.1.5 783.7.1.6 MAC 793.7.2 793.7.2.1 802793.7.2.2 LAN803.7.2.2.1 803.7.2.2.2 813.7.2.2.3 ARP823.7.2.2.4 RARP823.7.2.3 MAN833.7.2.3.1 FDDI833.7.2.3.2 SONET,SDH853.7.2.3.3 853.7.2.4 WAN863.7.2.4.1 863.7.2.4.2 873.7.2.4.3 X.25893.7.2.4.4 Frame Relay903.7.2.4.5 SMDS923.7.2.4.6 ATM923.7.2.4.7 MPLS933.7.2.4.8 DWDM-MSPP933.7.2.4.9 PLC933.7.2.4.10 SLIP933.7.2.4.11 SDLC943.7.2.4.12 HDLC943.7.2.4.13 LAP953.7.2.4.14 
PPP963.7.2.4.15 973.7.2.4.16 1013.7.2.4.17 1023.7.2.5 GAN1023.7.2.6 Intranet/Extranet/Internet1023.7.3 1033.7.3.1 WLAN1033.7.3.2 MAC1043.7.3.2.1 802.111053.7.3.2.2 Wi Fi 1063.7.3.2.2.1 802.11b(Wi-Fi)1073.7.3.2.2.2 802.11a1073.7.3.2.2.3 802.11i()1073.7.3.2.2.4 802.11g1113.7.3.2.2.5 802.11n(MIMO)1113.7.3.2.2.6 802.11ac1123.7.3.2.3 802.15()1123.7.3.2.4 802.16(WiMAX)1123.7.3.3 Ad hoc WLAN1133.7.3.4 SSID1133.7.3.5 MAC 1133.7.3.6 WPAN1133.7.3.6.1 BlueTooth1133.7.3.6.2 UWB1143.7.3.6.3 Zigbee1143.7.3.6.4 NFC1153.7.3.6.5 iBeacon1153.7.3.6.6 WiBEEM1153.7.3.7 WMAN1163.7.3.7.1 MAC-802.161163.7.3.8 WWAN1163.7.3.8.1 MAC-802.201163.7.3.8.2 WAP1163.7.3.9 1G1173.7.3.9.1 AMPS(FDMA)1173.7.3.10 2G1173.7.3.10.1 :CDMA1173.7.3.10.2 PCS:TDMA/CDMA1173.7.3.10.3 GSM:FDMA/TDMA1173.7.3.11 3G1173.7.3.11.1 W-CDMA1173.7.3.11.2 Cdma2000 1x EV-DO1173.7.3.12 4G1173.7.3.12.1 LTE1173.7.3.12.2 1173.7.4 1183.7.5 &1183.7.5.1 ,1183.7.5.2 1183.7.5.3 L2 1193.7.5.4 1193.7.5.4.1 1193.7.5.4.2 1203.7.5.5 1203.7.5.5.1 1203.7.5.5.2 Carrier-Sensing1203.7.5.5.3 1213.7.5.6 MA & Multiplexing1213.7.5.6.1 MA1223.7.5.6.2 Multiplexing1233.7.5.7 VPLS1233.7.5.8 1233.7.5.8.1 FHSS1233.7.5.8.2 DSSS1243.7.5.8.3 OFDM1243.7.5.9 1253.7.5.10 1263.7.5.11 Spanning Tree Protocol(STP)1263.7.6 1263.7.6.1 1273.7.6.1.1 1273.7.6.1.2 1273.7.6.2 1273.7.6.2.1 MAC Address Filtering1273.7.6.2.2 1273.7.6.2.3 EAP1273.7.6.3 1273.7.6.3.1 war driving1283.7.6.3.2 Rouge AP1283.7.6.3.3 WLAN 1283.7.6.3.4 1293.7.6.3.5 WIPS1293.7.6.3.6 1303.7.6.3.7 Captive Portal1303.7.6.3.8 1303.7.6.4 1303.7.6.4.1 802.1AR(DevID)1313.7.6.4.2 802.1AF(KEY_1313.7.6.4.3 802.1AE(MACSec)1323.8 1323.8.1 1323.8.2 1323.8.2.1 HSSI1323.8.3 &1343.8.3.1 1343.8.3.1.1 1363.8.3.1.2 1363.8.3.1.3 1363.8.3.2 1363.8.3.3 1363.8.3.4 1363.8.3.5 1363.8.3.6 ()1373.8.3.7 1373.8.3.8 1373.8.3.9 ,1373.8.4 1373.8.4.1 1383.8.4.2 attenuation1383.8.4.3 crosstalk1383.8.4.4 1384.1394.1 1394.1.1 1394.1.2 1394.1.3 whaling 1394.1.4 SMTP-AUTH1394.1.5 SPF1394.1.6 1404.2 DNS1404.2.1 1404.2.2 DNS1404.2.3 
1414.2.4 1414.2.5 nslookup1424.2.6 DNS1425.1425.1 142

OSI7

( , HTTPS ) ( , )

, ,

//

QoS

( ), () , , ( IPSec )

LLC, MAC (MAC), , , BEC, FEC, , HDLC( High-Level Data Link Control, ) , - AM, FM, PM - ASK, FSK, PSK - TDM, FDM - baseband , broadband , -

Multilayer protocols provide the following benefits:
- A wide range of protocols can be used at higher layers.
- Encryption can be incorporated at various layers.
- Flexibility and resiliency in complex network structures are supported.

There are a few drawbacks of multilayer protocols:
- Covert channels are allowed.
- Filters can be bypassed.
- Logically imposed network segment boundaries can be overstepped.

There are numerous covert channel communication mechanisms that use encapsulation to hide or isolate an unauthorized protocol inside another authorized one.

HTTP Tunnel: For example, if a network blocks the use of FTP but allows HTTP, then tools such as HTTP Tunnel can be used to bypass this restriction. This could result in an encapsulation structure such as this:

[ Ethernet [ IP [ TCP [ HTTP [ FTP ] ] ] ] ]

Normally, HTTP carries its own web-related payload, but with the HTTP Tunnel tool, the standard payload is replaced with an alternative protocol.

ICMP-Loki: This false encapsulation can even occur lower in the protocol stack. For example, ICMP is typically used for network health testing and not for general communication. However, with utilities such as Loki, ICMP is transformed into a tunnel protocol to support TCP communications. The encapsulation structure of Loki is as follows:

[ Ethernet [ IP [ ICMP [ TCP [ HTTP ] ] ] ] ]

VLAN hopping: Another area of concern caused by unbounded encapsulation support is the ability to jump between VLANs. VLANs are network segments that are logically separated by tags. This attack, known as VLAN hopping, is performed by creating a double-encapsulated IEEE 802.1Q VLAN tag:

[ Ethernet [ VLAN1 [ VLAN2 [ IP [ TCP [ HTTP ] ] ] ] ] ]

With this double encapsulation, the first encountered switch will strip away the first VLAN tag, and then the next switch will be fooled by the interior VLAN tag and move the traffic into the other VLAN.

" " -http://www.aceking.co.kr/datacomm/data_main.html,, , , , , / (syntax) : ( ) 8 8 .( semantics): - , ( ) . 
: , , , (http://www.ktword.co.kr/abbr_view.php?nav=2&id=772) (Encapsulation) - , (Sequence Control) (Flow Control) (Error Control) (Synchronization) (Addressing) (Fragmentation, Reassembly) (Data Formatting) , TCP . UDP ICMP .Flow Control (http://www.ktword.co.kr/abbr_view.php?nav=2&choice=map&id=746&m_temp1=392) "" ( ) , ` (pacing)` (, )

(Stop and Wait) 1 (Rate-based) (Window-based) Sliding Window : (Credit) , (paging)

Stop-and-wait ACK ACK ->

rate-basedStop-and-wait ACK , .

http://www.ktword.co.kr/abbr_view.php?nav=2&choice=map&id=772&m_temp1=1299 (Error Control) (), () BEC( )FEC( , )BECBackward Error Correction, Data + ARQ(Automation Repeat Request) ARQ Stop-and-Wait ARQGo-Back-N ARQSelective Repeat ARQ, FECForward Error Correction, -> : Data + , , - ,

BECStop-and-wait ARQ , ACK Go-Back-N ARQ Go-Back-N ARQNAK(Negative-Acknowledgement) .Selective-Repeat ARQSelective Repeat ARQ, . .FEC Piggybacking ( , ) (Acknowledgement) , , (Piggyback)

L4~L7L7- , N/W , SNA to LAN, X.25 to LAN- -

L4 - - , -

L3IP - IP , , Routing , , connection-less- N/W , /Routing table - LAN LAN (:LAN WAN )- LAN LAN - - VLAN - LAN to LAN, LAN to WAN

Subnetting Routing Table Routing IP MAC MAC .

L2MAC MAC - MAC , Forwarding , , connection-oriented- , LAN (LAN to LAN)- LAN .- - MAC - ( ) - () - : multi-port bridge, (LAN) - LAN to LAN, : LAN to MAN

L1 . ( , ) LAN , 0,1 ( )

: multi-port repeater

Routers, Switches & Firewalls Learn how they are different-http://www.petri.co.il/csc_routers_switches_and_firewalls.htm# , , (multiport) an intelligent hub- outbound . LAN .. LAN , . , . CPU . (MAC) . . , . , . (Cut-through), , . (Store & Forward) , , , , ( ) . . . . . - , MAC . multilayered switches -3, 4, 7 , , , QoS ASIC Application specific Integrated Circuit . .Multi-layer VLANVLAN all-in-one, p.669 VLAN ., , . , VLAN .

. 2 2 3 . LAN LAN Broadcast ., Broadcast , LAN . Broadcast . . . LAN VLAN.VLAN Layer1 VLAN Layer2 MAC VLAN . Layer3 IP VLAN, IP subnet VLAN, Multiple VLAN . VLAN - 1 VLAN 1,2,4 -> VLAN 1, 3, 5 -> VLAN 2 VLAN : . : VLAN .MAC(Medium Access Control) VLANMAC VLAN : VLAN . : MAC .......IP VLANIP VLAN : IP PC VLAN . : IP VLAN . IP .IP subnet VLAN IP subnet VLAN . IP LAN . VLAN IP VLAN . . subnet . : . subnetting . :IP . IP . VLAN VLAN MAC, VLAN --> MAC VLAN VLAN .VLAN , ( ) VLAN . LAYER2 . VLAN LAN . : . VLAN . : .VLAN .VLAN VLAN hopping attack VLAN . . trunking tagging values . VLAN . . . VLAN Tagginghttp://www.ktword.co.kr/abbr_view.php?m_temp1=3479&m_search=customer+vlan2 VLAN VID(VLAN ID) (Tagging) IEEE 802.1Q ()

VLAN VLAN Trunkhttp://www.ktword.co.kr/abbr_view.php?m_temp1=3478&m_search=customer+vlan

VLAN VLAN trunking protocolhttp://blog.naver.com/PostView.nhn?blogId=demonicws&logNo=40108781898 VLAN VLAN

VLAN , ( ) .

VLAN VLAN VLAN 3 . . VLAN , VLAN .http://egloos.zum.com/networkers/v/145857

all-in-one, p.671VoIP() VLANVoIP (SIP, RTP ) VLAN VLAN VoIP ? Network Convergence ?

Voice VLAN Data VLAN IP, IP Voice data VLAN / . Voice VLAN Data VLAN , Data VLAN . VLAN VLAN (), ( -> ) NAT : () : NAT : IDS . IP, , 2 Circuit-level 3 Stateful inspection , dynamic packet UTM(unified threat management) VPN , . : ->IDS -> ? ? ( default deny) Locating. (auditing) alarms . even basic IDS functions. . . . . ... ? load . ids static packet filtering - 1 ( ) - IP, , IP , - , stateless inspection - context . . . , . . NAT . application-level . FTP GET FTP PUT . . . - , .. . 3 DoS .. - . . , . . circuit-level

circuit IP, . SOCKS - SOCKS SOCKS - SOCKS () - - ( all-in-one p.690 )SOCKS SOCKS SOCKS .OSI . . , .application level proxy . SOCKS .SOCKS IP SOCKS socks , .socks , , ., "" , HTTP . ( stateful inspection firewalls)" " OSI 3,4 . , , , . .XMAS , (ACK ) , . - ( , , ) . - , . (state table) .UDP UDP , ICMP .UDP (Window Size) ICMP . , DoS . , , CPU . . . performance hit . ( )UDP ICMP . . Dynamic packet-filtering firewallsenable thereal-time modification of the filteringrules based on traffic content. well-known (1023 ) . ACL . (FIN, RST ), ACL . UDP 5 , .OSI . , . .FTP FTP . , , , , . . . . . (, , ). , . , , , . " " . . .HTTP , DNS DNS, SMTP . SQL . . . , DMZ . ( )2 . (forwarding) .DMZ ( ) - ( ) - , (), . --> "screening" "screening( )" "screened". - . 3 ( ) - ( ) - DMZ- - - DMZ . 3 . ( Bastion Host ) . . DMZ . , FTP, DNS bastion host. bastion host . , , , , . SPoF , . defense in depth - . : .2 : DMZ , DMZ 2 .3 : DMZ 2 CISSP , P.238, all-in-one, p.696 - , virtual guest , .DNS, , , . . , bridge mode , () all-in-one, p.702 - .

, , . masquerading, spoofing . .DDoS . .

. . . , .

Source Routing , IP (Loose Source and Record Route(LSRR) andStrict Source and Record Route(SSRR) )Loose source routing . , . - . .

. silent rule' noisy' . stealth rule cleanup rule . negate rule . " any rules" ."any but A " --> ! A . . () , DNS .

forwarding open anonymous open, IP . reverse . . : ( - ) -> : -> ( - ) () ( , CISSP ) ,NAS(Network Access Server)IPX IP , PSTN , Unix Send mail -> -> X.400 --> Microsoft FDDI PBXPrivate Branch Exchange PBX , , PC - ( - PBX ) : voice , voice ,

PBX PBX . .PBX .Phreaker() PBX . . , . . .Phreaker VPN CISSP , P.245VPN links between systems - to secure TCP/ IP , .VPN (tunneling, encapsulation) . (Client-to-server) . LAN ..2 (Host by Host) . LAN ..3 - L2F, PPTP, L2TP, IPSEC, SSL : DES, AES, SEED : IKE(Internet Key Exchange) : , . ID/PWD , , QoS : Bandwidth ( VPN ? QoS ?)VPN PPTP VPN - PPP IP .L2TP VPN - PPP IP IPSec VPN - IP . SSL VPN - ( HTTP)

Remote Access VPN : VPN , SSL-VPN?Intranet VPN : : IPSec VPN?Extranet VPN : : IPSec VPN? VPN . ...(all-in-one p.758)VPN IP --> PPP -> PPP () PPP -->PPTP ->IP () PPP -->L2TP ->IP (WAN, ATM, ) ()VPN : IP, PPTP, L2TP + IPSec IP PPP ? IP PPP . PPTP L2TP ? PPP --> PPP PPTP L2TP PPTP L2TP ? PPTP IP . IP WAN(ATM, ) L2TP . IP, PPP L2TP IPSec ? IPSec, , . ->( IP )-> ->(PPP )-> ISP -> (PPTP, L2TP ) -> ->(PPTP, L2TP ) -> ( PPTP, L2TP , PPP , IP )-> IP -> SSL VPN [ Ethernet [ IP [ TCP [ SSL [ HTTP ] ] ] ] ] VPN . VPN .VPN -> Routing Client-PC . Routing IPSec VPN

- [ Ethernet [ IPSec [ IP [ TCP [ SSL [ HTTP ] ] ] ] ] ]IPSec End-to-end, . IPSec IP IPv4 . IPSec IP IP IPv6 . - , , IPSec AH, Authentication header. , ( - ), . ( )

ESP, Encapsulating Security Payload. , , ( - ), PPP PAP, CHAP, EAP-TLS

IKE, Internet Key Exchange, ISAKMP, OAKLEY AH ESP AH, ESP IPSec VPN . ESP MAC NAT .AH MAC(ICV , Integrity Check Value) (, ) NAT ICV .NAT . NAT AH .ESP MAC(ICV) NAT , NAT ESP IPSec () 2 - L2TP, PPTP, L2F L2TP L2TP/IPsec - HAIPE High Assurance Internet Protocol Encryptor U.S. National Security Agency Type1 encryption device - IPSec . , security attributes SA --> () A : : (AH, ESP), ( SHA-1), ( AES-128), (), ( ) B : SA(Security Association) A AH AH(Authentication Header) : MD5, SHA ( ) : (replay attack) sequencing. ( ESP )ESPESP(Encapsulating Security Payload) .... : DES-CBC, 3DES : Sequence Number IKE, Internet Key Exchange, ISAKMP, OAKLEY.builds on ISAKMP, OAKLEY .ISAKMP (?) authenticated keying material ISAKMP, Internet Security Association and Key Management Protocol.SA , ( IETF ).IPSec (, , , ) OAKLEY . . ISAKMP () OAKLEY ( ) SA. ( , , , , IP ). . outbound, inbound traffic 2 SA ..SPI( Security Parameter Index) - IPSec . SA IKE .IKE Phase 1 : Main , Aggressive .IKE Phase 2 : Quick .IKE Phase 1 IKE ISAKMP OAKLY SA ().IP IP ( IP ) .end-to-end VPN . ) . . . . . IP . IP . . ) -to- VPNPPTP VPNPoint-To-Point Tunneling Prorotocol(PPTP)Microsoft WindowsVPN IP PPP (all-in-one, p.757).PPP .. PPP PPP ?PPP IP datagram (encapsulation) PPTP VPN . . , .. . Encapsulation(repackages the original frame ) PPTP .. -PPP PAP, CHAP, EAP-TLS RC4 (Microsoft) IPSec . . L2TP encapsulation TACACS+, RADIUS .L2TP VPNL2TP PPP PPTP Cisco L2F(Layer 2 Forwarding) PPP IP . L2TP IP, IPX, NetBEUI IP , X.25, Frame Relay, ATM . . encapsulation - repackages the original frame , IPSec . 
TACACS+, RADIUS

SEM/SIEM
Security Event Management / Security Information and Event Management, , , , , , (email, ) have to understand a wide variety of different applications and network element (routers/switches) logs and formats; consolidate these logs into a single database and then correlate events looking for clues to unauthorized behaviors that would be otherwise inconclusive if observed in a single log file.

Botnets, Bots
Bots and botnets are most insidious implementations of unauthorized, remote control of compromised systems. Such machines are essentially zombies controlled by ethereal entities from the dark places on the Internet. A group of dispersed, compromised machines controlled remotely for illicit reasons.

Multi-layer protocol
Industrial control systems and their multi-layer protocols are largely insecure due to the original designs used to implement them. Given the life expectancy of the control systems, many are in use with inherently insecure designs, protocols and configurations., (encapsulated and isolated from any public or open network) ModBus http://www.ni.com/white-paper/7675/ko/ Fieldbus = load balancing + + + + network convergence + Network convergence network convergence, , , , , . "Converged infrastructure"

UTM , , , ,

FTP
TFTP Trivial FTP TFTP is a simplified version of FTP, . quality of service is not an issue. 69/UDP - . In practice, TFTP is used mostly in LANs for the purpose of pulling packages, . . TFTP .

SNMP
Simple Network Management Protocol TCP/IP - -161,162 UDP - . IP (, , ) SNMP v3 ,, - , (poll) - . . MIB . trap - MIB - MIB(Management Information Base ) ,. , community string - , . , MIB . : Get, Get-Next, Set, Trap, Get-Response, Get-Bulk, Get-Info-Req all-in-one, p.634
CMIP OSI SNMP TCP/IP SNMP . OSI7 SMTP .

POP3IMAPInternet Message Access ProtocolHTTPHTTPS SSL(Secure Socket Layer) HTTP HTTP , SSL ( ) ( SSL PKI ) , , , SHTTP

S-HTTP HTTP . .,

S-HTTP SSL . , S-HTTP , SSL . S-HTTP , ID .

S-HTTP , RSA / . SSL TCP . S-HTTP HTTP . , . Terisa Systems SSL S-HTTP .

AOL, , IBM, , Prodigy, Spyglass S-HTTP . SSL S-HTTP . S-HTTP IETF . RFC 2660 S-HTTP .

TELNET NVT, Network Virtual Terminal NVT . -> ->TELNET ->TCP/IP-> (NVT)->TCP/IP -> TELNET -> -> RloginRemote Login In UNIX Systems .SSHSSH v2, Secure Shell - rlogin, - SCP, Secure Copy - SFTPDiffie-Hellman - (v1 )22 SCPSecure Copy (SCP) uses Secure Shell (SSH) to encrypt data transmitted over a network.SFTPIRCInternet Relay Chat TCP MIMEMultipurpose Internet Mail ExtensionsSOAPHTTP, HTTPS, SMTP XML SASLSimple Authentication and Security Layer .( Access Control ) , API set ) SMTP, POP, IMAP, IMSP, LDAPSSL SSL Transport Application Message SSL LDAP add,modify,delete ..... Payload SASL LDAP Property . SETSecure Electronic Transaction Visa, MasterCard , PKI - - , , (, ) , : : ( ) . (Common Format) EBDIC(Extended Binary Coded Decimal Interchange Code ) - IBM AS/400 ASCII, MPEG, MIDI, JPEG, GIF, TIFF , , /, .ITU-T, ISO/IEC - ISO/IEC - MP3, AACITU-T - G.7xx ISO/IEC - MJPEG, MPEG-1 & 2ITU-T - H.2xxASCIIASCII - American Standard Code for Information InterchangeEBCDICExtended Binary-Coded Decimal Interchange ModeTIFTTagged Image File FormatJPEGJoint Photographic Experts GroupMPEGMotion Picture Experts GroupMIDIMusical Instrument Digital Interface& . . , () . ,

. . - . - , , , , (dialogue) , (communications) : simplex, Half Duplex, Full Duplex TCP/IP TCP/IP , , .//& : Java RMI, Microsoft .NET

Java RMI
Microsoft .NET

NFS
Network File System

NetBIOS
NetBIOS Windows RPC(Remote Procedure Call)
Name service - ports: 137/udp, tcp
Datagram distribution service - port: 138/udp
Session service - port: 139/tcp
NetBT - NetBIOS over TCP/IP
RPC - 135
net use \\< ip address >\< share_name > - This eliminates the need for NetBIOS name resolution configuration.
net use \\< FQDN >\< share_name > - This allows the use of a DNS server to connect to a computer using its fully qualified domain name (FQDN).

RPC
Remote Procedure Call OSI . - Portmap(111 TCP ) Portmap : .. . RPC RPC Unauthorized session : RPC RPC , DoS RPC
SRPC(Secure RPC) RPC - Diffie-Hellman . S-RPC .

RTP
: http://wooguystudy.blogspot.kr/2013/08/rtpreal-time-transport-protocol.html RTP( Real time Transport Protocol) (, ) (end-to-end) . ("multicast" ) RTP . RTP RTP . "SIP" RTP UDP , . UDP RTP .(Sequence Number) RTP . , RTP ( PayloadType ) , RTP/RTCP RTCP(Real time Transport Control Protocol ) . QoS (out-of-band) . RTP : , RTCP : , .(latency) , . RTP , . RTP . RTP RTP . RTP RTCP : http://wooguystudy.blogspot.kr/2013/08/rtpreal-time-transport-protocol.html

RT Control Protocol
RTCP , RTCP . . QoS . . Identification RTCP

RTSP
Realtime Streaming Protocol

SDP

SIP
SIP Session Initiation Protocol http://www.nexpert.net/487 IP , IP (Signaling, ) , , . H.323, SIP, MGCP, Megaco/H.248, Sigtran, SCCP (Skinny Call Control Protocol) (SIP) RTP , RTCP

SRTP
SRTP (Secure Real-Time Transport Protocol) RTP RFC 3711 . SRTP RTP , RTP Payload Authentication Tag

SOCKS Circuit Level Proxy Firewall . IP . SOCKS SOCKS

SQL
SQL - Structured Query Language

Transmission Control Protocol , link-by-link end-to-end TCP (Full Duplex) . . , 3-WAY Handshake , 16 bit integer = 65536(0~65535) TCP UDP . . well-known port 0~1023 : IP , . () Well-known " "
FTP(): 20, FTP(): 21
SSH: 22
Telnet: 23
SMTP: 25
DNS: 53
HTTP: 80
POP3: 110
RPC: 111
NetBIOS: 138 ( .)
IMAP: 143 ( POP3 .)
SNMP: 161 ( . )
ssl https: 443/tcp
ssmtp: 465/tcp
snews: 563/tcp
spop3: 995/tcp
rlogin: 513
rsh: 514
portmap: 111

well-known , . 1024~49151 . () well-known , (Transmission Control Protocol, TCP) , , ( ) : ( ) : ( ) ( ) : OSI 2 . http://www.ktword.co.kr/abbr_view.php?nav=2&m_temp1=359&id=297 , , -- * : , () NAK TCP/IP APIUDP (User Datagram Protocol) Best Effort , : 512 UDP RTP . NFS TFTP"TFTP" & , . RUDP Reliable UDPSCTP Stream Control Transmission Protocol TCP UDP . TCP [2] . https://ko.wikipedia.org/wiki/%EC%8A%A4%ED%8A%B8%EB%A6%BC_%EC%A0%9C%EC%96%B4_%EC%A0%84%EC%86%A1_%ED%94%84%EB%A1%9C%ED%86%A0%EC%BD%9CDCCP Datagram Congestion Control Protocol . https://ko.wikipedia.org/wiki/%EB%8D%B0%EC%9D%B4%ED%84%B0%EA%B7%B8%EB%9E%A8_%ED%98%BC%EC%9E%A1_%EC%A0%9C%EC%96%B4_%ED%94%84%EB%A1%9C%ED%86%A0%EC%BD%9CSPX Sequenced Packet Exchange Novell Netware Networks . TCP SSLhttp://stevenjsmin.tistory.com/7

OSI HTTP, SMTP, Telnet, FTP SSL -- . TCP . , . SSL SSL Application data ( HTTP ) Change Cipher Specification Handshake Protocol Alert Protocol Record protocol : TCP HTTPS , , match , , , , SSL ? - "SSL VPN" . TLS SSLv3 HTTP "SSL" SYN Flood(half-open) SYN TCP SYN . SYN . tarpits " " . . DoS . TCP Wrapper TCP wrapper application ID ID a form of port-based access control.VPN "VPN" / (Traffic Shaping, Packet Shaping) / , http://www.ktword.co.kr/abbr_view.php?m_temp1=2074 Leaky Bucket Token Bucket Leaky Bucket Token Bucket Choke /IP IP CIDR( Classless Interdomain Routing) DHCP private IP , NAT( Address , ) VLSM( Variable Length Subnet Masks)https://www.microsoft.com/korea/technet/deploy/tcpintro10.mspx IPv6 NAT ( Class ) A , B, C Class : unicast D Class : multicast, 32 0 : , 32 1 : A : 1~126, * 127.~ : . B:128 ~, C: 192 ~, D: 224 ~IP / . , . , . . Best Effort . IP , 20 , 24 Service Type ( QoS) 8 (QoS,, , , ) . (IPv4) ( 8 0 ) 0~2 : (111: ) 3,4,5 : , ,, 0:, 1: Identification : . Datagram FlagDF(Don't Fragment ) : 1- .MF(More Fragment) : 1 - , 0- source , destination address Time To Live : TTL 0 . ICMP Protocol ( Transport ) IP TCP : 6, UDP:17, ICMP : 1 Header checksum , . TCP, UDP : MTU IP IP MTU . IP , , . Identification Fragment offset Don't Fragment , More Fragment IP . MTU PDU , . PDU "Packet too Big" ICMP , IP MTU . IP , IP . . IPv4 IPv6 , . . TCP , IP .( ) IP IP MTU . Path MTU discovery path MTU . unicast 1:1 . multicast 1:N() ) NIC IP . , NIC--> --> ...--> () . , multicast IP , D . IGMP () IPv4 Scope --> broadcast 1:N() IP anycast 1:1(multicast ) 1 IP IP , ,

IPv6(IPng) IPv6 IPv6 128 Version, Priority(Traffic Class), Flow Label, Payload Length, Next Header, Hop Limit, Source & Destination address IPv6 IPv6 128 anycast broadcast QoS QoS . Check Summing . IPv4 TTL ( ), "Header Checksum" .. . IPv6 "Header Checksum" . Path MTU Discovery :. fragmentation .. Maximum Transmission Unit -fragmentation . Path MTU Discovery : '' (labeling) . flow label->-> ->-> Security IPSec - AH(), ESP() IPSec ( PnP) , NAT(network address translation) .(IPv6 ~) NAT : IPv4 , / . , . stateful / stateless auto configuration - / IPv6 IPv6 intersite . 6to4 . (teredo) intrasite . ISATAP(Intra-Site Automatic Tunnel Addressing Protocol ) . IP , , . IPv6 .. , NAT .. IPv4, IPv6 .. .. IPv6 . Gateway( ) IPv4/IPv6 Packet 6to4 6to4 . IPv6 IPv4 (teredo) (teredo). IPv4 IPv6 . Microsoft . IPv6 . NAT UDP 7 IPv6 IPv4 (Tunnel) IPv4 IPv6 5 . ISATAP ISATAP, intrasite Automatic Tunnel Addressing Protocol. IPv4 IPv6 local link . IPv4 link-local IPv6 . IPv4/IPv6 IPv6 IP 32 128 "scope" anycast IPv4 vs IPv6

IPv4 header field     IPv6 header field     Note
Version               Version               4 or 6
Header Length
Type of Service       Traffic Class         type
Total Length          Payload Length        IPv6
Identification                              fragment
Flags                                       fragment
Fragment Offset                             fragment
Time to Live          Hop Limit             hop
Protocol              Next Header
Header Checksum

DHCP DHCP (LEASE) 4 ( D-O-R-A )
DHCP DISCOVER : DHCP .
DHCP OFFER : DHCP Discover . DHCP .
DHCP REQUEST : DISCOVER DHCP REQUEST
DHCP ACK : REQUEST . IP (offer) .
DHCP DHCP . , . .DHCP DHCP -> ( ) -> DHCP DHCP snooping . IP DHCP .DHCP MAC IP .DHCP snooping - ! https://mellowd.co.uk/ccie/?p=5796
DHCP BOOTP RARP BOOTP IP X , DHCP
ICMP ICMP http://www.ktword.co.kr/abbr_view.php?nav=&m_temp1=1966&id=1001 http://support.microsoft.com/kb/170292/ko , Ping : IP ICMP ( ) - ICMP IP , ( , , , )

, ICMP 3. Destination unreachable 4. Source Quench

5.Redirect Message . .11.Time Exceeded12.Parameter ProblemIGMPInternet Group Management Protocol (NIC) IGMP . IGMP . IGMP Mobile IP IP home IP address . http://ko.wikipedia.org/wiki/%EB%AA%A8%EB%B0%94%EC%9D%BC_IPIP http://anyflow.net/265http://moonkyoung.egloos.com/3217489Mobile IP ( , P.40 )MH(Mobile Host), MN(Mobile Node) : HA(Home Agent);FA(Foreign Agent)CoA( Care-of-Address)SH( Static correspondent Host), CN(Correspondent Node ) : MH , FA/MIPv4CN,SH HA . MIPv6MN CoA (auto-configuration), HA MN HA CN COA . CN .

forward

CN -> MNhttp://moonkyoung.egloos.com/3217489reverse MN -> CNingress filtering http://moonkyoung.egloos.com/3217489

http://anyflow.net/265VoIP/mVoIPVoIP VoIP () - SRTP, VPN(encription), QoS

IP PBX (IP PBX?)http://www.nexpert.net/237

SIP VoIP mVoIP. VoIP mVoIP ?. http://kimstreasure.tistory.com/64

DNS
DNS Lack of authentication of servers, and thereby authenticity of records. non-recursive query, recursive query

DNSSEC
DNSSEC DNS Security, DNS DNS PKI -DNS DNS DNSSEC DNS DNS . DNS . .DNS -DNS , DNS A DNSSEC A DNS DNS .DNS DNS : DNS DNS , Zone Transfer DNS, DNS, DNS Zone Transfer( ) . .DNS . address (1), address (2) : AS(Autonomous System ), . AS () . (Gateway) . http://blog.naver.com/PostView.nhn?blogId=tjddk417&logNo=150082250636

IGP(Interior Gateway Protocol ) - RIP, OSPF, ( IGRP, EIGRP )
EGP(Exterior Gateway Protocol) - BGP

IGP(Interior gateway protocol)
RIPv1 (legacy): IGP, distance vector, classful protocol
RIPv2: IGP, distance vector, classless protocol
IGRP (legacy): IGP, distance vector, classful protocol developed by Cisco
EIGRP: IGP, distance vector, classless protocol developed by Cisco
OSPF: IGP, link-state, classless protocol
IS-IS: IGP, link-state, classless protocol
classful --> classless

EGP(Exterior gateway protocol)
BGP: EGP, path-vector, classless protocol

(dynamic routing protocol) . . (static routing protocol) . .
- (Distance-vector routing protocol)( ) () RIP
- (Link-state routing protocol) . , , , , OSPF
- (Path-vector routing protocol)- - A path vector protocol is a computer network routing protocol which maintains the path information that gets updated dynamically. Updates which have looped through the network and returned to the same node are easily detected and discarded. It is different from the distance vector routing and link state routing. Each entry in the routing table contains the destination network, the next router and the path to reach the destination. BGP

, , , HELLO/ ECHO IGPInterior gateway protocol

RIP
RIP .UDP, RIP .. . Hop count .. , ..30 .. ..VLSM .
RIPv2 .VLSM ..MD5 .

OSPF
OSPF( Open Shortest Path First ). interior gateway routing protocol developed for IP networks. . (flooding) .. Routers use link-state algorithms to send routing information to all nodes in an internetwork by calculating the shortest path to each node based on a topography of the Internet constructed by each node. Each router sends that portion of the routing table (keeps track of routes to particular network destinations) that describes the state of its own links, and it also sends the complete routing structure (topography).

IGRP
IGRP. legacy. . . RIP .., delay, reliability, MTU( ), load( ).VLSM

EIGRP
EIGRP, Enhanced Interior Gateway Routing Protocol - IGRP (routing policy).- .

EGP
BGP
BGP ( Border Gateway Protocol). AS . . Path-Vector(-) In BGP the routing table maintains the autonomous systems that are traversed in order to reach the destination system.

& MAC , . (IP) , . - LAN Router

NAT/PAT
Network Address Translation (stateful), .IP IP ( ) scheme , () NAT - NAT IP(pool) . private IP NAT IP RFC 1918 private IP , . () NAT - NAT IP(pool) . first-come, first-served PAT, Port Address Translation
RFC 1918 private IP
10.0.0.0 - 10.255.255.255 (a full Class A range)
172.16.0.0 - 172.31.255.255 (16 Class B ranges)
192.168.0.0 - 192.168.255.255 (256 Class C ranges)
IP . 3 , , LAN : - IP . Class . IP, IP, ."VLAN", "VLSM"

VLSM
Variable Length Subnet Mask

, C (128.3.2.0) 1 (`/24`,`/25`) - , IP CIDRclassless inter domain routing supernetting .VLAN "VLAN" DMZDMZ , , DNS IDS .all-in-one, p.679DMS DMZ DNS , DMZ DMZDMZ (HTTP , DNS DNS ) DMZ , DMZ .all-in-one, p. 696 IP IP IP Dos .Teardrop

. Bonk - 1, 1. Boink - 1, . Teardrop UDP Bonk , Boink Overlapping fragment attack "" IP DoS IP SYN . SYN+ACK . ..... 4 SYN IP rlogin . ICMP ICMP echo ICMP Echo Request . ICMP Echo Response . attacker, victim, amplified network( ) attacker - victim - amplified network - , UDP Fraggle UDP ICMP ICMP Ping Of Death ICMP ICMP LAND . , . .--> IPSec XMASTCP "1" . DoS. " turned on" ., "" VPN " " VPN , . , , FDDI, ATM FDDI, , , WAN LAN WAN (NIC), ,, . . . OSI

LLC - Logical Link Control , MAC (MAC ) MAC - , , , MAC addressingMedia Access Control LAN WAN (, ATM ) .(framing) - , , . () . encoding schemes ( ) ) : "1"-> 0.5, "0" -> 0ATM : "1"-> 0.85 ) - CSMA/CD, - , (802.11x)the network interface card (NIC) has an unique hardware address which identifies a computer or peripheral device. The hardware address is utilized for the MAC sublayer addressing

LLC MAC Unicast,Broadcast,Multicast , , FDDIMAC LLC . , , () .MAC MAC24 (vendor code) + 24 (Serial Number)IEEE 802 http://www.ktword.co.kr/abbr_view.php?id=292&m_temp1=1081&nav=2802802 http://www.ktword.co.kr/abbr_view.php?id=292&m_temp1=1081&nav=2IEEE 802.1 : Overview, Architecture, Interworking, and Management (LAN/MAN Bridging & Management) - 802 ( ) IEEE 802.2 : Logical Link Control (LLC) []

MAC IEEE 802.3 : CSMA/CD MAC and PHY - IEEE 802.3 MAC(Media Access Control) , IEEE 802.3 , IEEE 802.3
IEEE 802.4 : Token Passing Bus ( ) FDDI
IEEE 802.5 : Token Passing Ring ( ) []
IEEE 802.6 : Metropolitan Area Network (DQDB) [/]
IEEE 802.7 : Broadband LAN [/]
IEEE 802.8 : Optical Fiber Technology Advisory Group [/]
IEEE 802.9 : Isochronous LANs [/]
IEEE 802.10 : Standard for Interoperable LAN/MAN Security [/]
IEEE 802.11 : LAN - 802.11a, 802.11b, 802.11g ...
IEEE 802.12 : Demand Priority Medium Access (100VG-AnyLAN) []
IEEE 802.13 : ()
IEEE 802.14 : CATV LAN Protocol [/]
IEEE 802.15 : WPAN (Wireless Personal Area Network) - , Zigbee, UWB ...
IEEE 802.16 : WMAN ( MAN) - , WiMAX
IEEE 802.17 : RPR (Resilient Packet Ring)
IEEE 802.18 : RR-TAG (Radio Regulatory Technical Advisory Group) - IEEE
IEEE 802.19 : Coexistence TAG - (Coexistence)
IEEE 802.20 : MBWA (Mobile Broadband Wireless Access) -
IEEE 802.21 : Media Independent Handover
IEEE 802.22 : Wireless Regional Area Network (WRAN) - Cognitive Radio

LAN
Ethernet, PLC, Token Ring . "UTP ", twisted-pair , UTP . : IEEE 802.3, CSMA/CD 10Mbps 1Gbps

802.3 802.3 , 10Base2(thinnet)10Base5(thicknet)10Base-T100Base-TX( )1000Base-T1000Base-X""MAC-802.3" " : IEEE 802.5 -

MAU(Multistation Access Unit) - - - . .

MAC-802.5ARP MAC , IP , MAC .ARP ARP , .ARP RARP Reverse Address Resolution Protocol MAC RARP MAC IP .MAN Metropolitan Area Network LAN MAN LANLAN MAN WAN, , MAN LAN MAN( SONET, FDDI ) LAN SONET, FDDI , T1, T3 MAN , , . LAN MAN LAN MAN .-all-in-one, p.716 MAN , --> , /(aggregation/distribution) -> (customer) . / distribution (aggregation) . aggregation . .FDDI" FDDI"IEEE802.4 ANSI - 2 dual counter-rotating fault-tolerance primary secondary . - 100Mbps ( 100 km) - MAN . UTP CDDI FDDI-2 (all-in-one p.618 ) primary SAS, single attachment station - (primary) DAS, dual attachment station - , SAC, single-attached concentrator - SAS DAC, dual-attached concentrator - SAS, DAS, SAC LAN , CISSP MAN .MAC-802.5 HSSI HSSI(High Speed Serial Interface) ATM WAN DTE/DCE HSSI . HSSI is a DTE/DCE interface standard that defines how multiplexors and routers connect to high-speed network carrier services such as ATM or Frame Relay. A multiplexor is a device that transmits multiple communications or signals over a single cable or virtual circuit. HSSI defines the electrical and physical characteristics of the interfaces or connection points and thus operates at OSI layer 1 (the Physical layer).

The border connection device between WAN and LAN is called the channel service unit/data service unit (CSU/DSU). These devices convert LAN signals into the format used by the WAN carrier network and vice versa. The CSU/DSU contains data terminal equipment/data circuit-terminating equipment (DTE/DCE), which provides the actual connection point for the LAN's router (the DTE) and the WAN carrier network's switch (the DCE). The CSU/DSU acts as a translator, a store-and-forward device, and a link conditioner. A WAN switch is simply a specialized version of a LAN switch that is constructed with a built-in CSU/DSU for a specific type of carrier network. There are many types of carrier networks, or WAN connection technologies, such as X.25, Frame Relay, ATM, and SMDS.

SONET,SDH - " " . , SONET SDH . LAN MAN http://www.ktword.co.kr/abbr_view.php?m_temp1=2118&m_search=%B8%DE%C6%AE%B7%CE%C0%CC%B4%F5%B3%DD http://www.zdnet.co.kr/news/news_view.asp?artice_id=00000010064803&type=det&re= , . . .. . . ,.(Peer) (Aggregation) .WAN WAN connections and communication links can include private circuit technologies and packet-switching technologies. Common private circuit technologies include dedicated or leased lines and PPP, SLIP, ISDN, and DSL connections.

Packet-switching technologies include X.25, Frame Relay, asynchronous transfer mode (ATM), Synchronous Data Link Control (SDLC), and High-Level Data Link Control (HDLC). Packet-switching technologies use virtual circuits instead of dedicated physical circuits. A virtual circuit is created only when needed, which makes for efficient use of the transmission medium and is extremely cost-effective. T1 T1 24 1.544Mbps T3 T3 28 T1 45 Mbps, SONET - SONET - SONET, ATM SONET - ATM - PSTN Public Switched Telephone Networks PSTN "Phreaker" : ISDN Integrated Services Digital Network, DSL, , , WAN ( .) ISDN is a circuit-switched telephone network system, which also provides access to packet switched networks, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in potentially better voice quality than an analog phone can provide.

, , , , , , (, , ) BRI/PRI The ISDN standards define several kinds of access interfaces, such as BRI(Basic Rate Interface) PRI(Primary Rate Interface) . B :,, . D : BRI - 2 B, 1 DPRI - 23 B, 1 D - BRI /PRI - ISDN - , , --http://www.aceking.co.kr/datacomm/data_10.html

DSL Digital Subscriber Line, "always-on". , , .xDSL -https://ko.wikipedia.org/wiki/%EB%94%94%EC%A7%80%ED%84%B8_%EA%B0%80%EC%9E%85%EC%9E%90_%ED%9A%8C%EC%84%A0 HDSL High-Data-Rate Digital Subscriber Line. HDSL requires two copper twisted pairs, so it is deployed primarily for PBX network connections, digital loop carrier systems, interexchange POPs, Internet servers, and private data networks. .HDSL , . , ADSL .T-1, E1 .. T-1/E1 . WAN, LAN, SDSL (), (Symmetric Digital Subscriber Line )ADSL , SDSL ADSL . (). . . , VoD,. LAN VDSL. ATM . Fiber to the Neighborhood Cable Modem "always-on" -

X.25 X.25 stack

- - (Permanent Virtual Circuits) Point to point between two systems or networks was widely used in Europe 1970, . WAN . --> DCE(Data Circuit Terminating Equipment) : ( DTE ) DTE(Data Terminating Equipment) : PAD(Packet Assembler Disassembler): Frame Relay

X.25 , ISDN ATM . (Permanent Virtual Circuit) CIR (Committed Information Rate)(VC) CIR --> .SMDS Switched Multimegabit Data Service (SMDS)ATM a connectionless packet-switching technology.Often, SMDS is used to connect multiple LANs to form a metropolitan area network (MAN) or a WAN. SMDS was often a preferred connection mechanism for linking remote LANs that communicate infrequently. SMDS supports high-speed bursty traffic and bandwidth on demand. It fragments data into small transmission cells. SMDS can be considered a forerunner to ATM because of the similar technologies used.ATM Asynchronous Transfer Mode , Frame Relay (53) (Dedicated-Connection)

SONET WAN SONET - ()ATM - (ATM ), ISP, LAN WAN ( X.25 < < ATM ) -> ( T )MPLSMulti-Protocol Label Switching IP Label L2 : 3 ( , ) 2 MPLS . 2 MPLS , ATM . , 3 MPLS LER , ATM 2 .DWDM-MSPPPLCPacket Line CardSLIP ISDN SLIP , , PPP Microcontroller SLIP, PPPboth protocols are encapsulation protocol used to carry data over serial linesSDLCSDLC - Synchronous Data Link Control ,X.25 .PAD .PAD - , . , , dedicated point to point . IBM SDLC uses polling, operates at OSI layer 2 (the Data Link layer), and is a bit-oriented synchronous protocol." " (HDLC) - HDLCHigh-level Data Link Control SDLC - ISO dedicated point to point - ( , WAN ) SDLC full-duplex connections higher throughput , , SDLC (work over synchronous lines)primary unit polling .HDLC LLC (Logical Link Control) : LAN LAP-B (Link-Access Procedure Balanced) : X.25 () LAP-D (Link-Access Procedure, D Channel) : ISDN PPP (Point-to-Point Protocol) : a refined version of SDLC designed specifically for serial synchronous connections.HDLC supports both point-to-point and multipoint connections. ( p-t-p )

LAPLink Access Protocol ` to ` ` to ` http://www.ktword.co.kr/abbr_view.php?m_temp1=1256LAP-BLink Access Protocol, Balancedx.25 http://www.ktword.co.kr/abbr_view.php?m_temp1=1256LAP-DLAP, D channelISDN PPPPoint to Point Protocol dedicated point to point

encapsulation protocol used over serial lines SLIPLAPB ISP (Dial Up) DSL PPP - IP,IPX,NBF,AppleTalk LCP(Link Control Protocol) : 2 PPP Link NCP(Network Control Protocol): 3 : PAP, CHAP, EAP PPPoEPoint-to-Point Protocol over EthernetPPPoAPoint-to-Point Protocol over ATMPPTPPoint-to-point tunneling protocolPPP LCP

LCP (Link Control Protocol, )PPP ,,, , (PAP,CHAP) NCPNCP (Network Control Protocol, ) , PPP PPP .EAP?CHAP? PAP . RAS CHAP .PAP () CHAPCHAP / EAPEAP( Extensible Authentication Protocol)point-to-point , , PPP PPP . PPP (PAP, CHAP) OTP, , , .802.11i 802.11i OSI . . RADIUS

EAP 802.11 WEP , , OTP , , 802.11i 802.1x . .EAP .EAP PPP, 802.3(), 802.11() EAP

EAP LEAP(Lightweight EAP) . EAP + TKIP -> LEAP( + ) EAP-TLS. . .. EAP . 802.1x TLS( ) . MS . - , , , ( ) PEAP, Protective EAP. EAP-TLS . .. .. .. MS, CISCO, RSA DATA Security .. EAP EAP-TTLS, EAP-Tunneled TLS. TLS ,. , .. dedicated link, leased line, point-to-point WAN ISP(Internet Service Provider) , , x.25, , ATM T-carriers , (), , , . - () , . . - T1 . E-carriersT-carriers " " : OC, optical carrier . OC-3, OC-12 . OC-48 . . OC-192 ) KT, SK, LG MPLS VPN

. Permanent virtual circuits (PVCs) (closed down), .Switched virtual circuits (SVCs) . .In either type of virtual circuit, when a data packet enters point A of a virtual circuit connection, that packet is sent directly to point B or the other end of the virtual circuit. However, the actual path of one packet may be different from the path of another packet from the same transmission. In other words, multiple paths may exist between point A and point B as the ends of the virtual circuit, but any packet entering at point A will end up at point B. A PVC is like a two-way radio or walkie-talkie. Whenever communication is needed, you press the button and start talking; the radio reopens the predefined frequency automatically (that is, the virtual circuit). An SVC is more like a shortwave or ham radio. You must tune the transmitter and receiver to a new frequency every time you want to communicate with someone. GAN Global Area Network WAN . Intranet/Extranet/Internet Intranet , Extranet (VPN) , LAN : PC, TCP/IP, AP, , : , Mobility, , WPAN : , IrDA, DECT, RFiD(10~15m) WLAN WLAN? AP AP , . AP . .AP , .SSID WLAN SSID, Service Set ID . SSID WLAN .WLAN . .SSID AP 2 OSA, open system authentication, SSID . AP .SKA, Shared key Authentication, AP .--> AP . -->AP .WEP (dynamic) - 802.1x All-in-one, p. 771 MAC

Data Link Layer (MAC):Responsible for reliable link-to-link data transferChannel access (CSMA/CA)AddressingFrame Validation (management, data, control frames)Error detectionSecurity MechanismsPhysical (PHY) Layer:Responsible for putting bits on the air

802.11 stack

-How 802.11 Wireless Works

802.11802.11 - - FHSS 2.4 GHz, 2 Mbps

WEP WEP(Wired Equivalent Privacy ) -802.11 :. RC4. IV XOR .CRC-32 (ICV, Integrity Check Value) . WEP ( 802.11 ) - , , , IV, . - --AP , (? AP ?) .-- AP .-SSID - .., -RC4( ) - .-WEP-40, WEP-104( -104)- .. - IV - . -ICV(Integrity Check Value) , .WEP .TKIP.802.1x EAP IEEE WEP ."reasonably" strong. exportable --> "" . 40 . self-synchronizing - . optional

Wi Fi

802.11b(Wi-Fi)802.11 WLAN " WiFi" ( )802.11a , . : 11Mbps : 2.4 GHz 2.4 GHz "dirty" . , , , QoS . - DSSS802.11a . : 54Mbps : 5GHz 802.11g, 802.11g 2.4 GHz .25 . WLAN . .OFDM , 802.11b, 802.11 .

802.11i()802.11i 2 . - 802.1x - (TKIP, CCMP) .

EAP - 802.11 EAP .802.11i OSI . . 802.11i . Radius - , 802.1x ( , WEP ) - . TKIP - WPACCMP -WPA2. IV . EAP .A AP, B,C EAP . Wi-Fi Alliance .802.11i WPAWPA( Wi-Fi Protected Access )WEP .LEAP() + TKIP(). () - WPA - - AP .. , 3A(Authentication, Authorization, Accountability) EAP+TKIPWPA2WPA : CCMP( AES)IEEE 802.11i == WPA2Personal Enterprise (Radius ) ( ? )WPA2 is a security technology commonly used on Wi-Fi wireless networks.EAP+CCMP802.1x -http://www.ktword.co.kr/abbr_view.php?id=533&m_temp1=2241&nav=2802.1x

802.11 , 3 .(, ).(AP, ). ( RADIUS) , / AP .802.11i - 802.11 802.1x . ..Dynamic Web.AP .AP , , .- HTTP, DHCP SMTP - , .- , .- --> --> , AP --> AP, --> () IP ?.? DHCP ?APTKIPTKIP( Temporal Key Integrity Protocol )WEP : , , IV . (key mixing) : = WEP + IV + MAC . IV (48) IV . ICV MIC ( MAC, Message Authentication Code ) WEPRC4 H/W CCMPCCMP( Counter mode with CBC-MAC Protocol) CBC-MAC AES AES - 128 ( )48 . IV - H/W

802.11g54Mbps802.11n(MIMO)802.11n : 100Mbps , MIMO 600Mbps : 802.11a , 5GHz, OFDM( )

(MIMO) - . 2 2 (HDTV), 802.11ac5 Wi Fi-5Ghz, - 1Gbps, 6.93Gbps. - 802.11n 3 . - 802.11n 6 .HD

802.15() WPAN, Wireless Personal Area Network .PDA , , bluetooth 802.15 .2.4Ghz pairing - authorize the pairing 4bit PIN BLE BLE - Bluetooth Low Energy , . SM(Security Manager) .

802.16(WiMAX)MAN( Metropolitan Area Network) LAN . . Wibro/WiMAX 802.16 . -> -> base station()--> 802.16-->

Ad hoc WLANAP . NIC .Ad hoc , peer-to-peer .SSIDSSID( Service Set IDentifier ) :AP(= node) ( 32 )AP SSID SSID Disabling the SSIDX-> SSID WAP SSID . .MAC AP PC MAC , 48 H/W ( ), WPANWPAN , , Wireless Personal Area NetworkBlueTooth IEEE 802.15.1L2CAPLogical Link Control & Adaptation Protocol, , PIN("0000") , discovery mode , bluejacking" " , .Bluejacker (, PDA, ) , . Bluejacker , .bluesnarfing , , , bluebugging UWBUltra-WideBand, IEEE 802.15.3aUSN

.PC , HDTV PC . .3.110.6 10m1 .UWB 1990 '' . , 100~500M 100m 10 1 .Zigbee Zigbee Low Rate-WPAN,, IEEE 802.15.4 NFC Near Field Communication, . 424 ., , iBeacon (1)- ?http://hrmac.tistory.com/849 . ) . . (2) - NFC http://hrmac.tistory.com/850 WiBEEM Wireless Beacon-enabled Energy Efficient Mesh network u-City USN QoS good -http://www.tta.or.kr/data/weekly_view.jsp?news_id=1976 http://blog.naver.com/PostView.nhn?blogId=loudlove&logNo=150086381767

WMANMAC-802.16WWANMAC-802.20WAP WAP(Wireless Application Protocol)http://rsiwin.com.ne.kr/docu/DATA/wap.htm : , (PDA), WAP : HTML WML(Wireless Markup Language) WTLS( ) TLS WAP GW 1.0 -> WTLS -> WAP(->)-> SSL-> (WAP GW 1.0)WAP GW2.0 bypass WAP WML WAP WML( ), XML .http://www.scitech.co.kr/upload/book_image/s_012/WAP&WML_ch1.PDF : (low bandwidth), (high latency), (connection availability) , . Gap in WPA WTLS TLS 1GAMPS(FDMA)2G:CDMAPCS:TDMA/CDMAGSM:FDMA/TDMA3GW-CDMACdma2000 1x EV-DO4GLTEInforever, , p.16 OFDMMIMOAll-IP , , : DLC, ISDN, xDSL : HFC(Cable TV) : HFC, FTTx : WLL, Wibro( DCE, Data Communication Equipment) - Modem - PSTNDSU( Digital Service Unit) - ISDN( ), Repeater CSU(Channel Service Unit) - ,T1, E1( )&,Communication Networks/Error Control, Flow Control, MAChttps://en.wikibooks.org/wiki/Communication_Networks/Error_Control,_Flow_Control,_MACLink-to-link , . MAC . . , . . . MAC IP .Collision domain , .L2 , 1:1 1:N . . : N , , , : 1 , , . x AP AP AP AP . " " " (deterministic intervals)" . .

token passing (used by Token Ring and FDDI/CDDI) Carrier-Sensing CSMA CSMA, CSMA/CA (used by 802.11 and AppleTalk), CSMA/CD (used by Ethernet) CSMA/CA , " , " . This is the LAN media access technology that performs communications using the following steps:
1. The host has two connections to the LAN media: inbound and outbound. The host listens on the inbound connection to determine whether the LAN media is in use.
2. If the LAN media is not being used, the host requests permission to transmit.
3. If permission is not granted after a time-out period, the host starts over at step 1.
4. If permission is granted, the host transmits its communication over the outbound connection.
5. The host waits for an acknowledgment.
6. If no acknowledgment is received after a time-out period, the host starts over at step 1.
AppleTalk and 802.11 wireless networking are examples of networks that employ CSMA/CA technologies. CSMA/CD . , .

This is the LAN media access technology that performs communications using the following steps:
1. The host listens to the LAN media to determine whether it is in use.
2. If the LAN media is not being used, the host transmits its communication.
3. While transmitting, the host listens for collisions (in other words, two or more hosts transmitting simultaneously).
4. If a collision is detected, the host transmits a jam signal.
5. If a jam signal is received, all hosts stop transmitting. Each host waits a random period of time and then starts over at step 1.
Ethernet networks employ the CSMA/CD technology. ACK() NACK() polling LAN ( ) 2 ( ) 2 . SDLC, HDLC
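The CSMA/CD steps above, run as a slotted simulation. This is an added example, not code from the notes: hosts listen at each slot boundary, a lone transmitter succeeds, two or more transmitting at once collide, and every colliding host waits a random number of slots before starting over. The notes only say "a random period of time"; the draw used here (0 to 2^min(n,10)-1 slots after the n-th consecutive collision) is Ethernet's truncated binary exponential backoff and is an assumption of this example, as are the host names and frame counts.

```python
import random


def simulate_csma_cd(frames_per_host, max_slots=10000, seed=7):
    """Slotted CSMA/CD simulation (added example, not from the notes).

    frames_per_host: {host_name: number of frames to send}.
    Returns {"delivered": {host: count}, "collisions": n, "slots": elapsed}.
    """
    rng = random.Random(seed)          # seeded so a run is reproducible
    pending = dict(frames_per_host)    # frames still to send
    wait = {h: 0 for h in pending}     # backoff slots left before listening again (step 1)
    in_a_row = {h: 0 for h in pending} # consecutive collisions, grows the backoff window
    delivered = {h: 0 for h in pending}
    collisions = 0

    for slot in range(1, max_slots + 1):
        if sum(pending.values()) == 0:
            return {"delivered": delivered, "collisions": collisions, "slots": slot - 1}

        # Step 1: listen. In this model the medium is idle at every slot boundary,
        # so any host with a frame and no backoff left senses "not in use".
        ready = [h for h in pending if pending[h] > 0 and wait[h] == 0]
        for h in pending:
            if wait[h] > 0:
                wait[h] -= 1

        if len(ready) == 1:
            # Step 2: a single transmitter; step 3 hears no collision, frame delivered.
            h = ready[0]
            pending[h] -= 1
            delivered[h] += 1
            in_a_row[h] = 0
        elif len(ready) > 1:
            # Steps 3-5: simultaneous transmitters collide, jam, and back off randomly.
            collisions += 1
            for h in ready:
                in_a_row[h] += 1
                # Assumption: truncated binary exponential backoff window.
                wait[h] = rng.randrange(2 ** min(in_a_row[h], 10))

    return {"delivered": delivered, "collisions": collisions, "slots": max_slots}


if __name__ == "__main__":
    # Constructed inputs: one host alone never collides; four contending hosts do.
    print(simulate_csma_cd({"A": 3}))
    print(simulate_csma_cd({"A": 5, "B": 5, "C": 5, "D": 5}))
```

A lone sender needs exactly one slot per frame with no collisions; with several hosts the collision count and elapsed slots rise, which is the shared-medium cost the CSMA/CA reservation scheme above is designed to avoid.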

polling (used by SDLC, HDLC, and some mainframe systems)MA & Multiplexing : Multiple Access( ) Access Channel, Paging Channel Traffic Channel Multiplexing() () - T(Time)DM RF( Radio Frequency) - FDM - W(Wave)DM Statistical time-division multiplexing. MAMultiple AccessFDMA (sub-bands, ) , () . 1GTDMA ( )GSM (promiscuous mode )CDMA "" - OFDMAFDMA TDMA MIMO - .MIMO - .4G MultiplexingTDMFDMWDMOFDMVPLSvPLS, Virtual Private LAN ServicesService provider IP/MPLS multipoint-to-multipoint layer 2 VPN Service( ) (ethernet bridging) LAN Ethernet-based multipoint communication () , . (spread spectrum) . !, .FHSS, Frequency hopping spread spectrum, DSSS, Direct Sequence Spread Spectrum, OFDM, Orthogonal frequency-division multiplexing,

FHSS FHSS, Frequency hopping spread spectrum, () .FHSS hopping sequence . (interference) " " WLAN , .DSSS DSSS, Direct Sequence Spread Spectrum, FHSS . , (Chipping code) " ( ) , () " . (parity) FHSS 802.11b OFDM multiplexing - "OFDM" FHSS, DSSS .( OFDM > DSSS > FHSS )FHSS, DSSS . , WLAN .802.11a Orthogonal frequency-division multiplexing, a digital multicarrier modulation scheme that compacts multiple modulated carriers tightly together, reducing the required bandwidth. The modulated signals are orthogonal (perpendicular) and do not interfere with each other. OFDM uses a composite of narrow channel bands to enhance its performance in high-frequency bands , . OFDM is officially a multiplexing technology and not a spread spectrum technology, but is used in a similar manner. IEEE802.1AX-2008 ( ) (fault tolerance)

. LACP (Link Aggregation Control Protocol) , LACP .LACP . , . L4 , , (3) (2) ., , , WiFi Spanning Tree Protocol(STP) OSI 2 a network protocol that ensures a loop-free topology for any bridged Ethernet LAN; it allows redundant links to be available in case connection links go down OSI 2 .DataLink -http://www.ccs-labs.org/~dressler/teaching/netzwerksicherheit-ws0607/10_LinkLayerSecurity.pdf . . WEP WPA(Wi-Fi Protected Access), WPA2 MAC Address Filtering MAC , . WEP MAC Address , EAP IEEE 802.1x , TLS LAN . LAN . - SSID - , (RADIUS) - MAC - AP . MAC .VPN- .DMZ AP . - 802.11i war driving (War Driving ) : , GPS Rogue AP Rogue Access Point WLAN http://www.securedgenetworks.com/blog/Controller-vs-Controllerless-Wifi-Whats-the-Difference

http://www.cs.wustl.edu/~jain/cse574-10/ftp/capwap/index.html - . . . (Sim ) -> WIPSWIPSa network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).WIPS

.De-Auth . WiFi- - TDMA Captive Portal WiFi : EAP-TLS, EAP-PEAP ( all-in-one p.591) ., 802.1x . 2 , 802.1x (802.1AR), EAP-TLS .RADIUS 802.1AF, - . , 802.1AE, MACSec , 1) 802.1AR "Standard for Local and Metropolitan Area Networks: Secure Device Identity" DevID (MAC, , IP? - .) (, , ) EAP-TLS .2) 802.1AF Authenticated Key Agreement for MACSec key agreement function 3) 802.1AE - MACSec IEEE MAC Security standard , , MACSec 2 (media access-independent) . MACSec "MACSec Security Entity(SecY)" . .()VPN(IPSec, SSL ) 802.1AR(DevID) 802.1AF(KEY_Authenticated Key Agreement for MACSec) 802.1AE(MACSec) () , , .( , UTP ) , , . , , , . , , , , () HSSI HSSI(High Speed Serial Interface) WAN , --> HSSI --> WAN(ATM, ) DTE/DCE HSSI .


1000baseT - gigabit

- tighter twists of the wire pairs, variations in the quality of the conductor, and variations in the quality of the external shielding. , , , , (twist) :

cat5e (Twisted Pair ) STP(Shielded TP), UTP( Unshielded TP) , . (interference) (attenuation) . (Fiber Optics)(light waves) - cladding .( ) , , EMI . . - - - single mode. glass core . multi mode. . .. . , "always on" , . , . () RJ-11, RJ-45( ), BNC, RS-232, . . , .(, , ) . (frequency spectrum). The communication channel is usually some frequency spectrum; the broadband technology provides delineation between these frequencies and techniques on how to modulate the data onto the individual frequency channels. , . : (Noise), (Attenuation), /, (Crosstalk, ) , , (Faraday Cage) WEP, WPA/WPA2, EAP, TKIP/CCMP(AES) , , attenuation (distance) CAT (check the cable specifications against throughput requirements, and err on the side of caution), crosstalk ( use shielded cables, place cables in separate conduits, or use cables of different twists per inch), cable breaks (avoid running cables in locations where movement occurs), interference (use cable shielding, use cables with higher twists per inch, or switch to fiber-optic cables), eavesdropping (maintain physical security over all cable runs or switch to fiber-optic cables). attenuation Length of the cable cable breaks cable malfunctions crosstalk signals leak from wire signals from one wire 'spill over' and disrupt signals on another wire. The tighter the twisting, the less vulnerable the wires are to crosstalk. (Emanation) TEMPEST (Control zone) (white noise) , content-filtering . . SMTP SMTP From . Reply-To whaling " (CEO, CFO. COO, CSO)" SMTP-AUTH SMTP Authentication . SMTP-AUTH ., SPF Sender Policy Framework IP . DNS , IP . Exchanges IP . , DDoS DNS (Resource Records) DNS DNS Name: () Type : (16) A(Address)- IP NS(Name Server) CNAME(Canonical Name) SOA(Start Of Authority) WKS(Well-known Services) PTR(Pointer):IP HINFO(Host Information) MX( Mail Exchange) : "[email protected]" ("mail.abc.com") . 
MX A (mail.abc.com->IP )SIG( Security Signature )KEY( Security Key)NXT( Next Domain)AAAA(IPv6)NAPTR(Naming Authority Pointer )Class : , INTTL, RDLength,RD : Name, Type, Class (Zone) (Zone) UDP DNS IP .(Authoritative Data) (Cached Data) ( ) (Glue) . DNS . ,, IP .. . . , .. .nslookupDNSDNS , : 53UDP : 512 512 TCP

DNS Question : Answer : Authority : Additional : QR( Query Record ) : ? ?OPCODERD( Recursion Desired) : 1- . RA(Recursion Available ): .
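The DNS message header and question section described above (Question/Answer/Authority/Additional counts, the QR, OPCODE, RD and RA bits, and the 512-byte UDP limit that forces a TCP retry when an answer is truncated), as an added example that is not from these notes. The bit positions follow RFC 1035, which the notes do not cite, so that mapping is an assumption here; the TYPE codes are the standard values for the record types the notes list; the sample message and the name "mail.abc.com" are constructed inline so the block runs offline.

```python
import struct

# TYPE codes for the record types listed in the notes (RFC 1035/2065/2915 values).
RR_TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "WKS": 11, "PTR": 12,
            "HINFO": 13, "MX": 15, "SIG": 24, "KEY": 25, "AAAA": 28,
            "NXT": 30, "NAPTR": 35}
CLASS_IN = 1
UDP_MAX_PAYLOAD = 512   # classic UDP limit from the notes; TC=1 means "retry over TCP"


def encode_name(name):
    """'mail.abc.com' -> b'\\x04mail\\x03abc\\x03com\\x00' (length-prefixed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, offset):
    """Decode a label sequence at offset, following 0xC0 compression pointers.
    Returns (name, offset just past the name in the original position).
    A visited set rejects pointer loops, a classic malformed-packet hazard."""
    labels, seen, end = [], set(), None
    while True:
        if offset in seen:
            raise ValueError("compression pointer loop")
        seen.add(offset)
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_message(xid, qr, opcode, rd, ra, tc, rcode, qname, qtype):
    """Header + one question entry; used here only to construct sample input."""
    flags = (qr << 15) | (opcode << 11) | (tc << 9) | (rd << 8) | (ra << 7) | rcode
    header = struct.pack("!HHHHHH", xid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_message(msg):
    """Return (header dict, list of (name, type, class) questions)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    xid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    hdr = {
        "id": xid,
        "qr": (flags >> 15) & 1,        # 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # 0 = standard query
        "aa": (flags >> 10) & 1,        # authoritative answer
        "tc": (flags >> 9) & 1,         # truncated: did not fit in the UDP datagram
        "rd": (flags >> 8) & 1,         # recursion desired
        "ra": (flags >> 7) & 1,         # recursion available
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }
    questions, off = [], 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    return hdr, questions


def must_retry_over_tcp(msg):
    """Resolver rule from the notes: a UDP response with TC set is incomplete."""
    hdr, _ = parse_message(msg)
    return hdr["qr"] == 1 and hdr["tc"] == 1


if __name__ == "__main__":
    # Constructed sample: a truncated, recursive MX response for mail.abc.com.
    sample = build_message(0x1234, 1, 0, 1, 1, 1, 0, "mail.abc.com", RR_TYPES["MX"])
    print(parse_message(sample))
    print("retry over TCP:", must_retry_over_tcp(sample))
```

The pointer-loop check in decode_name is the part worth copying: a crafted name whose compression pointer points at itself otherwise sends a naive parser into an infinite loop, which is exactly the kind of malformed input a resolver or IDS parser has to survive.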

dig (domain information groper) (DNS) . dig . dig . , resolv.conf resolver . DNS . dig (IDN) .nslookup (dig ) IP DNS (DNS) . Displays information that you can use to diagnose Domain Name System (DNS) infrastructure.tracert . : . , . ping tracert .