Communications and Network Security
Network Security
Basics
• Telecommunications
• Electromagnetic transmission of data across systems
• Protocol
• A standard set of rules that determine how systems communicate with each other
• Open Network Architecture
• No one owns it; not proprietary; can easily integrate various technologies and
vendor implementations
• Closed Network Architecture
• Proprietary, owned by a specific company, not integrated with other vendors
OSI Layer
• The primary architectural model for inter-computer communications
• Describes how information or data makes its way from an application program
(such as a spreadsheet) through a network medium (such as wire) to another
application program located on another network
• OSI is a layered architecture
• Layer architecture simplifies the network design
• Easy to debug network applications
• Network management is easier
OSI Model : Layered Architecture
• The process of breaking up the functions or tasks of networking into layers reduces complexity.
• Each layer provides a service to the layer above/below it in the protocol specification.
• Each layer communicates with the same layer’s software or hardware on other computers.
• The lower 4 layers (transport, network, data link and physical —Layers 4, 3, 2, and 1) are
concerned with the flow of data from end to end through the network.
• The upper 3 layers of the OSI model (application, presentation and session—Layers 7, 6 and 5)
are oriented more toward services to the applications.
• Data is Encapsulated with the necessary protocol information as it moves down the layers before
network transit.
Data Encapsulation in a layered architecture
Figure: data encapsulation between Machine A and Server B. User data enters at layer 7 (Application) on Machine A and gains a header at each layer on the way down (A at the Application layer; PA at the Presentation layer, where e.g. Unicode encoding is applied; SPA at the Session layer, where e.g. security is applied). The matching layer on Server B strips each header again.
TCP vs UDP
Usage
• TCP: suited for applications that require high reliability, where transmission time is relatively less critical.
• UDP: suitable for applications that need fast, efficient transmission, such as games. UDP's stateless nature is also useful for servers that answer small queries from huge numbers of clients.
Use by other protocols
• TCP: HTTP, HTTPS, FTP, SMTP, Telnet
• UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP
Ordering of data packets
• TCP: rearranges data packets in the order specified.
• UDP: has no inherent order, as all packets are independent of each other. If ordering is required, it has to be managed by the application layer.
Speed of transfer
• TCP: slower than UDP.
• UDP: faster, because error recovery is not attempted. It is a "best effort" protocol.
Reliability
• TCP: absolute guarantee that the data transferred remains intact and arrives in the same order in which it was sent.
• UDP: no guarantee that the messages or packets sent will arrive at all.
Weight
• TCP: heavy-weight. TCP requires three packets to set up a socket connection before any user data can be sent. TCP handles reliability and congestion control.
• UDP: lightweight. There is no ordering of messages, no tracking of connections, etc. It is a small transport layer designed on top of IP.
Data flow control
• TCP: does flow control. TCP requires three packets to set up a socket connection before any user data can be sent. TCP handles reliability and congestion control.
• UDP: has no option for flow control.
Error checking
• TCP: does error checking and error recovery. Erroneous packets are retransmitted from the source to the destination.
• UDP: does error checking but simply discards erroneous packets. Error recovery is not attempted.
http://www.tcpipguide.com/free/t_IPv6MulticastandAnycastAddressing-2.htm
Tunneling Methods
• 6to4 Tunneling Method
• A system that allows IPv6 packets to be transmitted over an IPv4 network
without the need to configure explicit tunnels.
• 6to4 is simply a transparent mechanism used as a transport layer between IPv6
nodes
• 6to4 does not facilitate interoperation between IPv4-only hosts and IPv6-only
hosts
• 6to4 performs three functions:
• Assigns a block of IPv6 address space to any host or network that has a global IPv4
address.
• Encapsulates IPv6 packets inside IPv4 packets for transmission over an IPv4 network using
6in4.
• Routes traffic between 6to4 and "native" IPv6 networks.
• Teredo tunneling
• Teredo is a built-in mechanism in Windows systems that is used to give a
single system behind an IPv4 NAT access to IPv6
• Uses UDP encapsulation
• It is not very reliable, but Teredo is only used when explicitly connecting to an
IPv6 address
• Like 6to4 it uses public relays
• ISATAP
• Managed technology for providing IPv6 on an IPv4 network
• It emulates IPv6 connectivity on the IPv4 infrastructure.
• Treats the IPv4 network as virtual IPv6 local links, with mappings from each
IPv4 address to a link-local IPv6 address
• ISATAP is an intrasite mechanism
• Used for connectivity within the same network
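The address mappings described above (6to4, Teredo, ISATAP) worked through in Python's standard ipaddress module, as an added example that is not part of the original slides: deriving a site's 6to4 prefix from its global IPv4 address, and, from the defender's side, recognising tunnelled IPv6 addresses in logs and recovering the IPv4 endpoints they embed, since tunnelled traffic can pass filters written only for IPv4. The Teredo field layout (RFC 4380) goes beyond what the slides state, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class TunnelInfo:
    kind: str               # "6to4", "Teredo", "ISATAP" or "native"
    ipv4: Optional[str]     # IPv4 endpoint embedded in the IPv6 address, if any
    detail: str = ""        # extra decoded fields (Teredo server and client port)


def sixto4_prefix(global_ipv4: str) -> str:
    """6to4 (RFC 3056): a site with global IPv4 address W.X.Y.Z owns 2002:WWXX:YYZZ::/48."""
    v4 = int(ipaddress.IPv4Address(global_ipv4))
    return str(ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48)))


def _v4(n: int) -> str:
    """Render the low 32 bits of n as a dotted-quad IPv4 address."""
    return str(ipaddress.IPv4Address(n & 0xFFFFFFFF))


def classify(addr: str) -> TunnelInfo:
    """Recognise transition-tunnel IPv6 addresses and extract the IPv4 endpoints they embed."""
    a = int(ipaddress.IPv6Address(addr))
    if (a >> 112) == 0x2002:
        # 6to4: the site's IPv4 address sits in bits 16..47 of the address
        return TunnelInfo("6to4", _v4(a >> 80))
    if (a >> 96) == 0x20010000:
        # Teredo (RFC 4380): 2001:0000:<server v4>:<flags>:<port ^ 0xFFFF>:<client v4 ^ 0xFFFFFFFF>
        server = _v4(a >> 64)
        port = ((a >> 32) & 0xFFFF) ^ 0xFFFF
        return TunnelInfo("Teredo", _v4(a ^ 0xFFFFFFFF), f"server={server} client_port={port}")
    iid = a & ((1 << 64) - 1)
    if (iid >> 32) in (0x00005EFE, 0x02005EFE):
        # ISATAP (RFC 5214): interface ID 0000:5EFE (private v4) or 0200:5EFE (global v4) + IPv4
        return TunnelInfo("ISATAP", _v4(iid))
    return TunnelInfo("native", None)


# Constructed sample addresses (documentation ranges), not taken from real traffic.
SAMPLES = [
    "2002:cb00:7105::1",                      # 6to4 host of the site 203.0.113.5
    "2001:0:4136:e378:8000:63bf:3fff:fdd2",   # Teredo client behind an IPv4 NAT
    "fe80::5efe:c0a8:a03",                    # ISATAP link-local address for 192.168.10.3
    "2001:db8::10",                           # native IPv6, nothing embedded
]

if __name__ == "__main__":
    for s in SAMPLES:
        info = classify(s)
        print(f"{s:40} {info.kind:7} {info.ipv4 or '-':16} {info.detail}")
```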
Layer 2 Security Standards
• IEEE MAC Security Standard – 802.1AE
• Defines security infrastructure to provide data confidentiality, data integrity, and data
origin authentication.
• MACsec provides hop-by-hop protection at layer 2
• Integrates security protection into wired Ethernet networks
• IEEE 802.1AR Standard
• Specifies unique per device identifier and management/cryptographic binding of a
device to its identifier
• Allows the trustworthiness of devices to be established and facilitates secure device provisioning
• These unique hardware based credential identifiers can be used in EAP-TLS
• IEEE 802.1AF – Carries out key agreement functions for the session keys
used for data encryption.
Converged protocols
• Fiber channel over Ethernet (FCoE)
• Protocol encapsulation that allows Fiber channel frames to ride over Ethernet
networks
• Currently used in some SAN environments, otherwise not commonly used
• Multiprotocol Label Switching (MPLS)
• It has elements of both layer 2 and layer 3
• It can encapsulate any higher level protocol and tunnel it over a variety of links
• iSCSI
• Encapsulates SCSI data in TCP segments
• This lets a peripheral device appear local even though it may not be physically
close to the local computer.
Transmission Types
Analog | Digital
Data is represented in wave values | Data is represented in discrete voltage values
Not reliable over long distance due to distortion | More reliable over long distance
Difficult to extract analog signals from background noise | Provides an efficient and clear-cut signaling method
Could have an infinite number of values or states | Is a square wave that exists in discrete states

Asynchronous | Synchronous
ATM protocol uses start/stop bits | Data link protocol HDLC uses clock pulses
Transfers as frames per start and stop bit | Transfers data in a stream of bits
Parity bit used for error control | Robust error checking, CRC
Each byte requires 3 extra bits of transmission (start, stop, parity) | Minimal overhead compared to asynchronous
Environments that send data in a non-predictable manner have protocols that use asynchronous timing mechanisms | Used for high-speed, high-volume transactions

Broadband | Baseband
Divides the communication channel into independent sub-channels | Uses the entire communication channel for transmission
Carries different signals over different sub-channels | Permits only one signal to transmit at a time
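The asynchronous-versus-synchronous rows above (start/stop/parity bits per byte versus a CRC over a block) made concrete, as an added example that is not from the original slides: it frames bytes the asynchronous way, measures the framing overhead, and shows why a single parity bit is weaker than a CRC, since an even number of bit errors inside one character slips past parity but not past the CRC. CRC-32 from zlib is used purely for illustration (HDLC itself defines its own CRC).

```python
import zlib
CHAR_BITS = 11  # start bit + 8 data bits + parity bit + stop bit

def frame_async(data: bytes) -> list:
    """Asynchronous framing: start bit 0, 8 data bits LSB first, even parity bit, stop bit 1."""
    bits = []
    for byte in data:
        data_bits = [(byte >> i) & 1 for i in range(8)]
        bits += [0] + data_bits + [sum(data_bits) % 2, 1]
    return bits

def async_overhead(data: bytes) -> float:
    """Share of line bits spent on framing rather than payload: 3 of every 11."""
    return 1 - 8 * len(data) / len(frame_async(data))

def parity_ok(frame: list) -> bool:
    """Receiver-side check per character: start/stop bits in place, ones count even."""
    for i in range(0, len(frame), CHAR_BITS):
        ch = frame[i:i + CHAR_BITS]
        if len(ch) != CHAR_BITS or ch[0] != 0 or ch[-1] != 1:
            return False                       # framing error
        if sum(ch[1:10]) % 2 != 0:
            return False                       # parity error
    return True

def deframe(frame: list) -> bytes:
    """Recover the payload bytes the receiver would hand up, ignoring framing bits."""
    out = bytearray()
    for i in range(0, len(frame), CHAR_BITS):
        out.append(sum(b << k for k, b in enumerate(frame[i + 1:i + 9])))
    return bytes(out)

def flip(frame: list, positions) -> list:
    """Simulate line noise by inverting the bits at the given positions."""
    return [b ^ (i in positions) for i, b in enumerate(frame)]

def crc_ok(payload: bytes, expected_crc: int) -> bool:
    """Synchronous-style check: one CRC-32 over the whole block."""
    return (zlib.crc32(payload) & 0xFFFFFFFF) == expected_crc

def demo(msg: bytes = b"PAYLOAD") -> dict:
    """Constructed scenario: one and two bit flips inside the first character."""
    frame, crc = frame_async(msg), zlib.crc32(msg) & 0xFFFFFFFF
    one = flip(frame, [1])          # single data-bit error
    two = flip(frame, [1, 2])       # even number of errors in the same character
    return {
        "overhead": round(async_overhead(msg), 3),
        "parity_catches_1bit": not parity_ok(one),
        "parity_catches_2bit": not parity_ok(two),
        "crc_catches_2bit": not crc_ok(deframe(two), crc),
    }
```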
• Bandwidth:
• Number of electrical pulses that can be carried over a link within a second
• Data transfer capability of a connection
• Commonly associated with the amount of available frequencies and speed of a link
• Data throughput:
• Actual amount of data that can be carried over the connection
• Data throughput values can be higher than bandwidth if compression is used.
Common network cable types
• Coaxial cable
• Unshielded twisted pair
• Fiber optic
Why copper?
Copper has several important properties which make it well suited for electronic
cabling:
• Conductivity — Copper is an excellent conductor of electric current and heat.
• Corrosion Resistance — Copper will not rust and is fairly resistant to corrosion.
• Ductility — Copper possesses the ability to be drawn into thin wires without
breaking.
• Malleability — Pure copper is easy to shape.
• Strength — Copper keeps its strength and toughness up to about 400 °F.
Copper Cable Components
Insulation is a high resistance material that is coated on the conductor to resist the flow of
current between conductors in the cable. There are three primary categories of
insulators:
• Thermoplastics - Polyvinylchloride (PVC), Polyethylene, Polypropylene. These are widely
used and resist most sunlight, ozone, oil, and solvents.
• Fluoropolymers - Teflon. These are used for high temperature applications. Used in
Plenum areas.
• Elastomers - These are rubber like and return to shape after tension is released.
Plenum
• Cable type codes are important because cables often run in ventilation
system return spaces above ceilings or below floors.
• Such spaces, called plenums, must not quickly fill with toxic gasses should a
small fire break out because the air conditioning system will spread the
poisonous fumes to other areas of the building.
• Plenum-rated cables have jackets made of materials that are slow burning
and do not emit toxic fumes.
Coaxial Copper Cable
• Coaxial cable consists of a copper center
conductor, either stranded or solid, which
is wrapped in insulation and covered with
one or more layers of braid and foil.
• More resistant to EMI, provides higher
bandwidth, supports longer cable length
than twisted pairs
• Used as transmission line for Radio
frequency signals
Twisted Pair Copper Cable
• Twisted-pair cabling consists of pairs of insulated
copper wires that are twisted together and then
housed in a protective sheath.
• The twisting of each pair of wires provides a
cancellation effect that helps neutralize noise and null
out interference.
• The tighter the twisting, the more resistant the cable is
to interference and attenuation
• The result is that in twisted-pairs, interference such as
EMI and RFI tends to be canceled out.
Unshielded Twisted-Pair (UTP) Cable / STP
• This type of cable relies solely on the cancellation effect, produced by the twisted wire
pairs, to limit signal degradation caused by EMI (Electromagnetic Interference) and RFI
(Radio Frequency Interference).
• UTP cable is used in a variety of networks. It can come with many different numbers of
pairs inside the jacket.
• It is the least secure networking cable compared to coaxial and fiber
• STP is more expensive than UTP due to the extra shielding.
• STP is less flexible than UTP because of the shielding and is more difficult to install.
Fiber-optic cable
• Carries data over glass as light waves
• The glass core is surrounded by protective casing which is enclosed inside
an outer jacket
• It has higher transmission speeds that allow signals to travel over longer
distance
• It is much more secure than UTP/Coaxial
• Single mode:
• Small glass core; can transfer data over long distance; less susceptible to
attenuation
• Multimode:
• Large glass core; can transfer more data, but only to shorter distance
Cabling Problems
• Noise
• Caused by surrounding devices or characteristics of the wiring
• e.g. motors, computers, fluorescent lights, microwave ovens
• Attenuation
• Loss of signal strength as it travels
• Attenuation increases with higher frequencies
• Can also be caused by cable breaks and malfunctions
• Cross talk
• Occurs when electrical signals spill over the wires
• UTP is more vulnerable than STP
Karthikeyan Dhayalan
MD & Chief Security Partner
www.cyintegriti.com