Posted on: 9/19/2011 (11 pages)
IP, TCP/IP, Router, IP/Router, VoIP
Hacer Çondur & Tugba Agcaoglu

What is IP?

An IP address (Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP); in simpler terms, a computer address. Any participating network device, including routers, computers, time servers, printers, Internet fax machines, and some telephones, can have its own unique address.

An IP address can also be thought of as the equivalent of a street address or a phone number (compare VoIP, voice over (the) Internet Protocol) for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network.

IP addresses can appear to be shared by multiple client devices, either because they are part of a shared hosting web server environment or because a proxy server (e.g., an ISP or anonymizer service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. The analogy to telephone systems would be the use of predial numbers (proxy) and extensions (shared).

What is IP? (another explanation)

The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork. IP is a network layer protocol in the Internet protocol suite and is encapsulated in a data link layer protocol (e.g., Ethernet). As a lower layer protocol, IP provides the service of communicable unique global addressing amongst computers.

IP addressing and routing

Perhaps the most complex aspects of IP are IP addressing and routing. Addressing refers to how end hosts become assigned IP addresses and how subnetworks of IP host addresses are divided and grouped together.
IP routing is performed by all hosts, but most importantly by internetwork routers, which typically use either interior gateway protocols (IGPs) or exterior gateway protocols (EGPs) to help make IP datagram forwarding decisions across IP-connected networks.

In computer networking the term routing (or routeing) refers to selecting paths in a computer network along which to send data. Routing directs forwarding, the passing of logically addressed packets from their source network toward their ultimate destination through intermediary nodes, typically hardware devices called routers. The routing process usually directs forwarding on the basis of routing tables, which maintain a record of the best routes to various network destinations. Constructing the routing tables, which are held in the routers' memory, is therefore very important for efficient routing.

Routing differs from bridging in its assumption that address structures imply the proximity of similar addresses within the network, thus allowing a single routing-table entry to represent the route to a group of addresses. Therefore, routing outperforms bridging in large networks, and it has become the dominant form of path discovery on the Internet.

Small networks may involve manually configured routing tables, while larger networks involve complex topologies and may change constantly, making the manual construction of routing tables very problematic. Nevertheless, most of the public switched telephone network (PSTN) uses pre-computed routing tables, with fallback routes if the most direct route becomes blocked; see routing in the PSTN. Dynamic routing attempts to solve this problem by constructing routing tables automatically, based on information carried by routing protocols, and allowing the network to act nearly autonomously in avoiding network failures and blockages. Dynamic routing dominates the Internet.
However, the configuration of the routing protocols often requires a skilled touch; one should not suppose that networking technology has developed to the point of the complete automation of routing.

Packet-switched networks, such as the Internet, split data up into packets, each labeled with the complete destination address and each routed individually. Circuit-switched networks, such as the voice telephone network, also perform routing, in order to find paths for circuits (such as telephone calls) over which they can send large amounts of data without continually repeating the complete destination address.

Traditional IP routing stays relatively simple because it uses next-hop routing, where the router only needs to consider where it sends the packet and does not need to consider the subsequent path of the packet on the remaining hops. However, more complex routing strategies can be, and often are, used in systems such as MPLS, ATM or Frame Relay, which are sometimes used as underlying technologies to support IP networks.

Classed IP Addressing and the Use of ARP

Consider a small internal TCP/IP network consisting of one Ethernet segment and three nodes. The IP network number of this Ethernet segment is 200.1.2. The host numbers for A, B, and C are 1, 2, and 3 respectively. These are Class C addresses, and therefore allow for up to 254 nodes on this network segment. Each of these nodes has a corresponding Ethernet address, which is six bytes long. Ethernet addresses are normally written in hexadecimal form separated by dashes (02-FE-87-4A-8C-A9, for example). In the diagram above and subsequent diagrams, we have emphasized the network number portion of the IP address by showing it in red.

Suppose that A wanted to send a packet to C for the first time, and that it knows C's IP address. To send this packet over Ethernet, A would need to know C's Ethernet address. The Address Resolution Protocol (ARP) is used for the dynamic discovery of these addresses.
ARP keeps an internal table of IP addresses and their corresponding Ethernet addresses. When A attempts to send the IP packet destined to C, the ARP module does a lookup in its table on C's IP address and will discover no entry. ARP will then broadcast a special request packet over the Ethernet segment, which all nodes will receive. If the receiving node has the specified IP address, which in this case is C, it will return its Ethernet address in a reply packet back to A. Once A receives this reply packet, it updates its table and uses the Ethernet address to direct A's packet to C. ARP table entries may be stored statically in some cases; otherwise ARP keeps entries in its table until they are "stale", at which point they are flushed.

Consider now two separate Ethernet networks that are joined by a PC, C, acting as an IP router (for instance, if you have two Ethernet segments on your server). Device C is acting as a router between these two networks. A router is a device that chooses different paths for the network packets, based on the addressing of the IP frame it is handling. Different routes connect to different networks. The router will have more than one address, as each route is part of a different network.

Since there are two separate Ethernet segments, each network has its own Class C network number. This is necessary because the router must know which network interface to use to reach a specific node, and each interface is assigned a network number.

If A wants to send a packet to E, it must first send it to C, which can then forward the packet to E. This is accomplished by having A use C's Ethernet address but E's IP address. C will receive a packet destined to E and will then forward it using E's Ethernet address. These Ethernet addresses are obtained using ARP as described earlier.

If E were assigned the same network number as A, 200.1.2, A would try to reach E in the same way it reached C in the previous example: by sending an ARP request and hoping for a reply.
However, because E is on a different physical wire, it will never see the ARP request and so the packet cannot be delivered. By specifying that E is on a different network, the IP module in A will know that E cannot be reached without having the packet forwarded by some node on the same network as A.

What is a Routing Table?

A routing table is a database on a router that stores the router's routing information. It directs forwarding by matching destination addresses to the network paths used to reach them. Each entry in the table has the following fields.

1-Network destination
The network destination is used with the netmask to match the destination IP address. The network destination can range from 0.0.0.0 for the default route through 255.255.255.255 for the limited broadcast, which is a special broadcast address to all hosts on the same network segment.

2-Netmask
The netmask is the subnet mask that is applied to the destination IP address when matching it to the value in the network destination. When the netmask is written in binary, a "1" bit must match and a "0" bit need not match. For example, a default route uses a 0.0.0.0 netmask, whose binary value is 00000000.00000000.00000000.00000000, so no bits need match. A host route (a route that matches a single IP address) uses a 255.255.255.255 netmask, whose binary value is 11111111.11111111.11111111.11111111, so all of the bits must match.

3-Gateway
The gateway address is the IP address that the local host uses to forward IP datagrams to other IP networks. This is either the IP address of a local network adapter or the IP address of an IP router (such as a default gateway router) on the local network segment.

4-Interface
The interface is the IP address that is configured on the local computer for the local network adapter that is used when an IP datagram is forwarded on the network.

5-Metric
A metric indicates the cost of using a route, which is typically the number of hops to the IP destination.
Anything on the local subnet is one hop, and each router crossed after that is an additional hop. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected.

For information about adding routes to the IP routing table, see Add a static IP route. For information about deleting routes from the IP routing table, see Remove a static IP route.

ROUTER

A router is a computer networking device that buffers and forwards data packets across an internetwork toward their destinations, through a process known as routing. Routing occurs at layer 3 (the Network layer, e.g. IP) of the OSI seven-layer protocol stack. A router acts as a junction between two or more networks to buffer and transfer data packets among them.

A router is different from a switch and a hub: a router works on layer 3 of the OSI model, a switch on layer 2 and a hub on layer 1. This makes them suited to different situations: a switch connects devices to form a local area network (LAN), which might in turn be connected to another network via a router. So, for example, a router at home connects the Internet Service Provider's (ISP) network (usually on an Internet address) with the LAN in the home (typically using a range of private IP addresses; see network address translation), which forms a single broadcast domain. The switch connects devices together to form the LAN. Sometimes the switch and the router are combined in one single package sold as a multiple-port router.

In order to route packets, a router communicates with other routers using routing protocols and, using this information, creates and maintains a routing table. The routing table stores the best routes to certain network destinations, the "routing metrics" associated with those routes, and the path to the next-hop router. See the routing article for a more detailed discussion of how this works.
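As an added illustration that is not part of the original presentation, the following Python models a host's routing table with the five fields described above and works through a lookup: a "1" mask bit must match, the most specific matching entry wins, equal masks are broken by the lowest metric, and the chosen entry decides whether ARP must resolve the destination itself (on-link) or the router, as in the A-to-E case of the ARP example. Host A (200.1.2.1) and router C (200.1.2.3) are taken from the page; the 10.0.0.0 routes and the second router 200.1.2.4 are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    """One routing-table entry with the five fields described above."""
    destination: str  # network destination
    netmask: str
    gateway: str      # next-hop router, or the local interface address for an on-link route
    interface: str    # address of the local adapter used to forward the datagram
    metric: int


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def prefix_length(netmask: str) -> int:
    """Number of '1' bits in the mask: 0 for a default route, 32 for a host route."""
    return bin(_to_int(netmask)).count("1")


def matches(route: Route, dst: str) -> bool:
    """A '1' bit in the mask must match, a '0' bit need not."""
    mask = _to_int(route.netmask)
    return _to_int(dst) & mask == _to_int(route.destination) & mask


def lookup(table, dst: str):
    """Most specific matching route wins; among equal masks, the lowest metric wins."""
    candidates = [r for r in table if matches(r, dst)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-prefix_length(r.netmask), r.metric))


def next_hop(table, dst: str):
    """Address that ARP must resolve to put the frame for dst on the wire."""
    route = lookup(table, dst)
    if route is None:
        return None                # no route, not even a default: undeliverable
    if route.gateway == route.interface:
        return dst                 # on-link: ARP for the destination itself
    return route.gateway           # off-link: ARP for the router instead


# Constructed table for host A (200.1.2.1) from the ARP example; router C is 200.1.2.3.
# The two 10.0.0.0 routes and router 200.1.2.4 are constructed to show metric tie-breaking.
TABLE_A = [
    Route("0.0.0.0", "0.0.0.0", "200.1.2.3", "200.1.2.1", 20),            # default route via C
    Route("200.1.2.0", "255.255.255.0", "200.1.2.1", "200.1.2.1", 1),     # local Class C segment
    Route("200.1.2.1", "255.255.255.255", "127.0.0.1", "127.0.0.1", 1),   # host route to A itself
    Route("10.0.0.0", "255.0.0.0", "200.1.2.3", "200.1.2.1", 20),
    Route("10.0.0.0", "255.0.0.0", "200.1.2.4", "200.1.2.1", 10),         # lower metric wins
]

if __name__ == "__main__":
    for dst in ("200.1.2.2", "200.1.3.5", "10.0.0.1", "200.1.2.1"):
        r = lookup(TABLE_A, dst)
        print(f"{dst:<12} matches {r.destination}/{r.netmask:<15} metric {r.metric:<3}"
              f" -> ARP for {next_hop(TABLE_A, dst)}")
```

E at the constructed address 200.1.3.5 matches only the default route, so A resolves C's Ethernet address and sends the packet there, exactly the behaviour the ARP example describes.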
Routing is most commonly associated with the Internet Protocol, although other less popular routed protocols are in use. A router means a connection between different networks, for example between 192.168.0.1 and 10.0.0.1.

Classes of routing protocols

Depending on the relationship of the router relative to other autonomous systems, various classes of routing protocols exist. Interior Gateway Protocols (IGPs) exchange routing information within a single autonomous system. Common examples include:
IGRP (Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
RIP (Routing Information Protocol)
IS-IS (Intermediate System to Intermediate System)

Open Shortest Path First (OSPF)

The Open Shortest Path First (OSPF) protocol is a link-state, hierarchical interior gateway protocol (IGP) for network routing. Dijkstra's algorithm is used to calculate the shortest path tree. It uses path cost as its routing metric. Path cost is generally determined by the speed (bandwidth) of the interface addressing the given route. A link state database (LSDB) is constructed as a tree-image of the network topology, and identical copies of the LSDB are periodically updated on all routers in each OSPF-aware area (a region of the network included in an OSPF area type; see "Area types" below). By convention, area 0 represents the core or "backbone" region of an OSPF-enabled network, and other OSPF area numbers may be designated to serve other regions of an enterprise (large business) network; however, every additional OSPF area must have a direct connection to the backbone, area 0. OSPF is perhaps the most widely used IGP in large networks. The most widely used exterior gateway protocol (EGP) is BGP.

OSPF can operate securely (communicating with other routers about "best-path" routes to save in their LSDBs) by using MD5 to authenticate peers before forming adjacencies and before accepting link-state advertisements (LSAs).
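Added example, not from the original slides: a small Python Dijkstra run over a constructed link-state database, in the way OSPF (and IS-IS, below) builds a shortest path tree from identical LSDB copies and collapses it into next hops. The bandwidth-to-cost formula (a 100 Mbit/s reference divided by interface bandwidth, floored at 1) is an assumed convention the page does not state, and the topology is constructed so that the one-hop slow link R1-R4 loses to a two-hop fast path, which a hop-count metric such as RIP's would rank the other way.

```python
import heapq
from collections import deque

# Assumed convention (not stated on the page): cost = reference bandwidth / interface
# bandwidth, floored at 1, with a 100 Mbit/s reference. Faster link, lower cost.
REFERENCE_BW_KBPS = 100_000


def link_cost(bandwidth_kbps: int) -> int:
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


# Constructed link-state database: every router in the area holds this same copy.
# router -> {neighbour: bandwidth of the interface towards it, in kbit/s}
LSDB = {
    "R1": {"R2": 100_000, "R3": 10_000, "R4": 1_544},   # R1-R4 is a slow 1.544 Mbit/s link
    "R2": {"R1": 100_000},
    "R3": {"R1": 10_000, "R4": 100_000},
    "R4": {"R1": 1_544, "R3": 100_000, "R5": 100_000},
    "R5": {"R4": 100_000},
}


def shortest_path_tree(lsdb, root):
    """Dijkstra over the LSDB: total path cost and predecessor for every reachable router."""
    dist = {root: 0}
    prev = {}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                         # stale heap entry, a cheaper path was found
        for v, bw in lsdb[u].items():
            nd = d + link_cost(bw)
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def routing_table(lsdb, root):
    """Collapse the tree into next-hop form: destination -> (next hop, path cost)."""
    dist, prev = shortest_path_tree(lsdb, root)
    table = {}
    for dst in dist:
        if dst == root:
            continue
        hop = dst
        while prev[hop] != root:             # walk back to the router adjacent to root
            hop = prev[hop]
        table[dst] = (hop, dist[dst])
    return table


def hop_count(lsdb, src, dst):
    """Fewest-hops path length, the metric a RIP-style protocol would use instead."""
    seen = {src}
    queue = deque([(src, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == dst:
            return hops
        for nbr in lsdb[node]:
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, hops + 1))
    return None


if __name__ == "__main__":
    for dst, (hop, cost) in sorted(routing_table(LSDB, "R1").items()):
        print(f"R1 -> {dst}: next hop {hop}, path cost {cost}, "
              f"hop count {hop_count(LSDB, 'R1', dst)}")
```

Because every router runs the same algorithm over the same LSDB, the tables agree: R5 reaches R1 through R4 and R3 at cost 12, the reverse of the path R1 computes to R5.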
OSPF is a natural successor to the Routing Information Protocol (RIP) and was VLSM-capable, or classless, from its inception. A newer version of OSPF (OSPFv3) now supports IPv6 as well. Multicast extensions to OSPF, the Multicast Open Shortest Path First (MOSPF) protocols, have been defined, but these are not widely used at present. OSPF can "tag" routes and propagate the tags along with the routes.

An OSPF network can be broken up into smaller networks. A special area called the backbone area forms the core of the network, and other areas are connected to it. Inter-area routing goes via the backbone. All areas must connect to the backbone; if no direct connection is possible, a virtual link may be established.

Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) is one of the most commonly used interior gateway protocol (IGP) routing protocols on internal networks (and, to a lesser extent, on networks connected to the Internet). It helps routers dynamically adapt to changes of network connections by communicating information about which networks each router can reach and how far away those networks are. Although RIP is still actively used, it is generally considered to have been made obsolete by routing protocols such as OSPF and IS-IS. Nonetheless, a somewhat more capable protocol in the same basic family (distance-vector routing protocols) was Cisco's proprietary Interior Gateway Routing Protocol (IGRP). IGRP in turn has been 'enhanced' by Cisco to EIGRP. RIP is sometimes said to stand for "Rest in Pieces", in reference to the reputation that RIP has for breaking unexpectedly, rendering a network unable to function.

Intermediate System to Intermediate System (IS-IS)

Intermediate System to Intermediate System (IS-IS) is a protocol used by network devices (routers) to determine the best way to forward datagrams or packets through a packet-based network, a process called routing.
IS-IS is an Interior Gateway Protocol (IGP), meaning that it is intended for use within an administrative domain or network. It is not intended for routing between networks or administrative domains, a job which is the purpose of an Exterior Gateway Protocol such as the Border Gateway Protocol (BGP). IS-IS is a link-state routing protocol, meaning that it operates by reliably flooding topology information throughout a network of routers. Each router then independently builds a picture of the network's topology. Packets or datagrams are forwarded based on the best topological path through the network to the destination. IS-IS uses Dijkstra's algorithm for identifying the best path through the network.

Interior Gateway Routing Protocol (IGRP)

Interior Gateway Routing Protocol (IGRP) is a kind of IGP; it is a distance-vector routing protocol invented by Cisco, used by routers to exchange routing data within an autonomous system. IGRP was created in part to overcome the limitations of RIP (a maximum hop count of only 16, and a single routing metric) when used within large networks. IGRP supports multiple metrics for each route, including bandwidth, load, delay, MTU, and reliability; to compare two routes these metrics are combined into a single metric, using a formula which can be adjusted through the use of preset constants. The maximum hop count of IGRP-routed packets is 255 (default 100).

IGRP is considered a classful routing protocol. As the protocol has no field for a subnet mask, the router assumes that all interface addresses have the same subnet mask as the router itself. This contrasts with classless routing protocols, which can use variable-length subnet masks. Classful protocols have become less popular as they are wasteful of IP address space.

The protocol is unique in its treatment of default routes, or gateways of last resort.
Rather than configuring a specific default gateway route, a network administrator must flag preexisting static routes as candidates for a default route. If two or more default route candidates exist, IGRP calculates the optimal default route based on each route's metrics.

Enhanced Interior Gateway Routing Protocol (EIGRP)

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol loosely based on their original IGRP. EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes and the use of bandwidth and processing power in the router. Most of the routing optimizations are based on the Diffusing Update Algorithm (DUAL) work from SRI, which guarantees loop-free operation. In particular, DUAL avoids the "count to infinity" behaviour common in distance-vector routing protocols when a destination becomes completely unreachable. The maximum hop count of EIGRP-advertised routes (i.e. destination networks) is 220. EIGRP thus has a lower maximum hop count than IGRP: 220 for EIGRP and 255 for IGRP.

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program, just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination.
Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they will be reassembled at the destination.

TCP/IP uses the client/server model of communication, in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations, which require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet, which lets you log on to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite".

What is VOIP?

Voice over IP, the transmission of voice over packet-switched IP networks, is one of the most important emerging trends in telecommunications. As with many new technologies, VOIP introduces both security risks and opportunities. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but the technology presents security administrators with significant security challenges.
Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. Unfortunately, the process is not that simple. This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization's VOIP network. VOIP security considerations for the public switched network are largely outside the scope of this document.

VOIP systems take a wide variety of forms, including traditional telephone handsets, conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a variety of other components, including call processors/call managers, gateways, routers, firewalls, and protocols. Most of these components have counterparts used in data networks, but the performance demands of VOIP mean that ordinary network software and hardware must be supplemented with special VOIP components. Not only does VOIP require higher performance than most data systems; critical services, such as Emergency 911, must also be accommodated.

One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change. Packet networks depend for their successful operation on a large number of configurable parameters: IP and MAC (physical) addresses of voice terminals, addresses of routers and firewalls, and VOIP-specific software such as call processing components (Call Managers) and other programs used to place and route calls. Many of these network parameters are established dynamically every time network components are restarted, or when a VOIP telephone is restarted or added to the network.
Because there are so many places in a network with dynamically configurable parameters, intruders have a wide array of potentially vulnerable points to attack.

Overview of VoIP

Many readers who have a good understanding of the Internet and data communications technology may have little background in transmitting voice or real-time imaging in a packet-switched environment. One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change for voice transmission. Unfortunately, VOIP adds a number of complications to existing network technology, and these problems are complicated further by security considerations. Most of this report is focused on how to overcome the complications introduced by security requirements for VOIP.

For several years, VOIP was a technology prospect, something on the horizon for the "future works" segment of telephony and networking papers. Now, however, telecommunications companies and other organizations have already moved, or are in the process of moving, their telephony infrastructure to their data networks. The VOIP solution provides a cheaper and clearer alternative to traditional PSTN phone lines. Unfortunately, although its implementation is widespread, the technology is still very much in its adolescence. It is growing in quick spurts throughout North America and Europe, but it is still awkwardly implemented on most legacy networks, and often lacks compatibility and continuity with existing systems. Nevertheless, VOIP will capture a significant portion of the telephony market, given the fiscal savings and flexibility that it can provide.

VOIP Security

Security concerns are nothing new for voice. Legacy phone systems have had trouble with toll fraud for decades. Businesses of all sizes adopting IP telephony need to seriously consider its security implications.
But while a number of threats exist, three stand out as the most dangerous, particularly to smaller organisations: denial of service, SPIT (spam over Internet telephony) and fraud.

VOIP Security (another explanation)

From the combination of these networks comes an interesting convergence of the attacks against them. Just as the two networks are amalgamating into one, so are two branches of the hacking community. In the past, "phone phreaks" devised and implemented attacks against the public telephone system, exploiting features that allowed them to make long distance calls for free, eavesdrop on conversations, and conduct other malicious activities. Phreaking developed according to the same principle as hacking: that the best way to learn about a system is to exploit it. The tools developed by these early attackers often exploited the phone company's use of in-band signaling, that is, using the same lines and protocols for signaling information as for voice communication. One of the most famous of these devices was a whistle from a Captain Crunch cereal box that produced a frequency (2600 Hz) that enabled the phreaker to make free calls.

With the introduction of VOIP, the need for security is compounded because now we must protect two invaluable assets, our data and our voice. Federal government agencies are required by law to protect a great deal of information, even if it is unclassified. Both privacy-sensitive and financial data must be protected, as well as other government information that is categorized as sensitive but unclassified. Protecting the security of conversations is thus required.

In a conventional office telephone system, security is a more valid assumption. Intercepting conversations requires physical access to telephone lines or compromise of the office private branch exchange (PBX). Only particularly security-sensitive organizations bother to encrypt voice traffic over traditional telephone lines. The same cannot be said for Internet-based connections.
For example, when ordering merchandise over the phone, most people will read their credit card number to the person on the other end. The numbers are transmitted without encryption to the seller. In contrast, the risk of sending unencrypted data across the Internet is more significant. Packets sent from a user's home computer to an online retailer may pass through 15-20 systems that are not under the control of the user's ISP or the retailer. Because digits are transmitted using a standard that carries them out of band as special messages, anyone with access to these systems could install software that scans packets for credit card information. For this reason, online retailers use encryption software to protect a user's information and credit card number.

So it stands to reason that if we are to transmit voice over the Internet Protocol, and specifically across the Internet, the same security measures utilized in this scenario must be applied. The current Internet architecture does not provide the same physical wire security as the phone lines. The key to securing VOIP is to use the security mechanisms already deployed in data networks (firewalls, encryption, etc.) to emulate the security level currently enjoyed by PSTN network users. This report investigates the attacks and defenses relevant to VOIP and explores ways to close the security gap between today's telephones and data networks.