April 21, 2009

Internet Structure

The structure of the Internet

The Internet is a tangled web of different machines in different networks with different users. A regular user does not need to understand all the complicated ways in which the Internet works. A general idea of its structure is enough to get the most out of it.

The participants in the Internet are a wide variety of machines, organizations and individuals (whose number keeps increasing steadily), all able to communicate and share information.

Each machine in the Internet is called a host. Hosts may be of many different types, as the following figure shows:


Variety of Internet hosts

The next diagram shows how a user in the USA sends a mail to a user in the Theoretical Physics Department of the University of Madras. The user, from her home in the USA, dials up (2400 bytes per second line) to a workstation in a university, writes and sends the message. The workstation sends the mail, via a 2 Mbps line, to JVC net, a provider of Internet services. From there, a connection via satellite is made to the Software Technology Park, in Bangalore. There, the mail is forwarded to the Institute of Mathematical Sciences, via another satellite connection. Finally, the user in the Theoretical Physics Department of the University of Madras dials up to IMSc and collects his mail.

A connection between USA and Madras

The hosts of the Internet have names assigned to them in a structured way. The convention used is known as DNS, the Domain Name System. A person with access to a machine or network will have a user name in that system. The user name, together with the host/network name, forms the e-mail address of the person. For example, rahul@imsc.res.in is the e-mail address of a person with user name "rahul" in the domain "imsc.res.in". This last name contains quite some information: it is divided into several subdomains: "imsc", which is the domain that identifies all the machines in the Institute of Mathematical Sciences, and "ernet", the Educational and Research Network in India. Finally, the address ends with the domain that identifies the country, in this example "in" for India. So we can see that the structure of the e-mail address of the typical Internet user is
account@[subdomain].[subdomain]...domain

The domain is the rightmost label, and domains are organized in a very well-specified and regulated system. The domains in the USA are gov, edu, arpa, com, mil, org and net. Outside the USA, each nation has a domain assigned to it, e.g. in=India, es=Spain, fr=France, etc. Within a nation there might be several subdomains, like "ac" for academic institutions in the uk (United Kingdom) domain. The following picture shows an example of domain structure.

Domain structure within India

The IP (Internet Protocol) address is the underlying identifier used by the protocols that govern Internet information exchange. Machines know each other by IP addresses rather than by names. For example, the host imsc1.imsc.res.in has IP address 202.41.95.2. When you send a message, or open an ftp connection, to another machine, your local host will first try to find the IP address of the host you are trying to connect to. This is done via name servers, which are machines containing files with IP addresses. A way of finding the IP address corresponding to a given DNS name is by using the "nslookup" facility. Details will be given in the practical demonstration. When you want an address for a new computer, you need to register it properly, so that it gets an IP address in an organized way and the rest of the Internet knows about your machine. Registration is usually done by the "superuser" of your system. More information can be obtained from doe.ernet.in for hosts in academic institutions within India.

January 26, 2009

Physical Topologies and Logical Topologies

Introduction

While studying for the CISSP exam, you need to be familiar with the different network topologies that exist. If you do not know how a network is laid out or how the devices communicate on that network, it is extremely difficult for you to protect that network. This paper discusses the difference between the two. We define physical and logical topology and discuss the various types that exist in each category.

Physical Topologies

Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network. There are five main types of physical topologies that can be used and each has its own strengths and weaknesses. These five types include:

  • Bus
  • Ring
  • Star
  • Hybrid or tree
  • Mesh

Bus

The bus topology exists when each of the systems is connected in a line, as seen in Figure 1. In this topology, all the systems are chained to each other and terminated in some form on each end. This topology was used in the early days of networking because it was inexpensive to use and relatively easy to set up.

Figure 1--Bus Network

When a packet is sent in a bus topology, there is no intermediary to determine who the packet should go to. Because of this, every packet that is sent in a bus topology is received by all systems on the network. Normally, if the packet is not for a particular system, the computer would simply disregard the packet; however, you can see the security implications of this type of network. If a malicious user were on this network and utilized a packet capture program, he could see every conversation that occurred between machines.

The following table identifies additional advantages and disadvantages of the bus topology:

Advantages                         Disadvantages
Easy to install                    Out-of-date technology
Costs are usually low              If cable breaks, whole network is down
Easy to add systems to network     Can be difficult to troubleshoot
Great for small networks           Unmanageable in a large network

Ring

The ring topology exists when each of the systems is connected to its respective neighbor, forming a ring, as seen in Figure 2. This physical topology has many of the same strengths and weaknesses as the bus topology. The main difference between the bus and ring is that the ring topology does not require termination. Because the systems are all connected together in a loop, there is no beginning and end point as there is with the bus topology. For additional fault tolerance or performance enhancements, you can add a second ring. This configuration is seen in Fiber Distributed Data Interface (FDDI) networks.

Figure 2--Ring Network

The following table identifies additional advantages and disadvantages of the ring topology:

Advantages                         Disadvantages
Easy to install                    Out-of-date technology
Costs are usually low              If cable breaks, whole network is down
Easy to add systems to network     Can be difficult to troubleshoot
Great for small networks           Unmanageable in a large network

Star

In the previous two topologies, the systems in the network were connected to each other. In the star topology, instead of being connected to each other, the systems are now connected to some central device, as seen in Figure 3. In the star topology, one of the biggest advantages is that when one system goes down, it does not bring the rest of the network down with it as it does in the bus or ring topologies. The star topology is the most prevalent topology in use today. The strengths and weaknesses of the star topology can be seen in Table 3.

Figure 3--Star Network

The following table identifies some additional advantages and disadvantages of the star topology:

Advantages                                    Disadvantages
Easy to install                               Costs are usually higher than with bus or ring networks
Easy to add devices to network                If you have only one central device and it fails, it brings the network down
One break does not bring whole network down
Easier to troubleshoot
Widely used
Centralized management

Hybrid or Tree

The hybrid or tree topology is simply a combination of the other topologies. Figure 4 shows an example of a hybrid network. In this layout, we have three star networks that are connected to each other through a bus topology shown by the red line.

Figure 4--Hybrid Network

Mesh

The mesh topology is the last topology we discuss. In this layout, every system is connected to every other system. The main advantage of this topology is high availability. The main disadvantage of this topology is cost, both administrative and physical. Because each system is connected to every other system, the amount of cabling and maintenance necessary can be prohibitive, especially in larger networks. The formula for determining the amount of cable needed in a mesh network is:

  • (N x (N - 1))/2, where N is the number of systems to be interconnected

In our example in Figure 5, we have six systems that require 15 cables to create a mesh network. This topology is mainly used in Wide Area Network environments or in environments where high availability outweighs the costs associated with this amount of interconnection.

Figure 5--Mesh Network

The following table identifies additional advantages and disadvantages of the mesh topology:

Advantages                 Disadvantages
Extremely fault tolerant   Expensive
                           Difficult to implement
                           Difficult to administer
                           Difficult to troubleshoot

Logical Topologies

The logical topology defines how the systems communicate across the physical topologies. In CISSP terms, you may hear logical topology referred to as the LAN media access method or network access method. There are two main types of logical topologies:

  • shared media topology
  • token-based topology

Shared Media

In a shared media topology, all the systems have the ability to access the physical layout whenever they need it. The main advantage of a shared media topology is that the systems have unrestricted access to the physical media. Of course, the main disadvantage of this topology is collisions. If two systems send information out on the wire at the same time, the packets collide and both packets are destroyed. Ethernet is an example of a shared media topology.

To help avoid the collision problem, Ethernet uses a protocol called Carrier Sense Multiple Access/Collision Detection (CSMA/CD). In this protocol, each system monitors the wire, listening for traffic. If traffic is detected, the system waits until it hears no traffic before it sends packets out. If a situation occurs where two systems send out packets at the same time and a collision occurs, each system waits for a period of time before it retries. This time period is different for each system, so that the collision does not occur again.

For small networks, the shared media topology works fine; however, as you begin to add more systems to the network, there is a greater opportunity for collisions. To help reduce the number of collisions, many networks are broken up into several smaller networks with the use of switches or hubs, and each network is then referred to as its own collision domain.

Shared media networks are typically deployed in a bus, star, or hybrid physical topology.

Token Based

The token-based topology works by using a token to provide access to the physical media. In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.

Token-based networks do not have the same collision problems that Ethernet-based networks do because of the need to have possession of the token to communicate. However, one problem that does occur with token-based networks is latency. Because each machine has to wait until it can use the token, there is often a delay in when communications actually occur.

Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to be released. The ring topology best facilitates this requirement.
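The two access methods described in the Shared Media and Token Based sections above, side by side in a small slot-level simulation. This is an added example, not code from the original post; the slotted timing, the one-slot frame, the token-passing cost and the workload are all assumptions made for the illustration.

```python
import random


def simulate_csma_cd(n_stations, frames_per_station, seed=1, max_backoff_exp=10):
    """Drain every station's queue over a contention (shared) medium.

    Slotted model: a frame occupies one slot. At the start of a slot every
    station with a frame waiting and no backoff left senses the medium idle
    and transmits. One transmitter succeeds; two or more collide, the frames
    are lost, and each colliding station draws a random backoff of
    0 .. 2**attempts - 1 slots (binary exponential backoff, capped at
    2**max_backoff_exp). Returns (slots_elapsed, collisions).
    """
    rng = random.Random(seed)
    pending = [frames_per_station] * n_stations
    attempts = [0] * n_stations
    backoff = [0] * n_stations
    slots = collisions = 0
    while any(pending):
        slots += 1
        ready = [i for i in range(n_stations) if pending[i] and backoff[i] == 0]
        for i in range(n_stations):           # everyone else counts down
            if backoff[i] > 0:
                backoff[i] -= 1
        if len(ready) == 1:                   # uncontended slot: success
            pending[ready[0]] -= 1
            attempts[ready[0]] = 0
        elif len(ready) > 1:                  # collision detected by all senders
            collisions += 1
            for i in ready:
                attempts[i] = min(attempts[i] + 1, max_backoff_exp)
                backoff[i] = rng.randrange(2 ** attempts[i])
    return slots, collisions


def simulate_token(n_stations, frames_per_station, token_pass_cost=1):
    """Drain the same workload over a token-based medium.

    The token visits stations in ring order. The holder sends at most one
    frame (one slot) and then passes the token on, which costs
    token_pass_cost slots. No collisions are possible by construction.
    Returns (slots_elapsed, max_wait), where max_wait is the longest gap
    between two consecutive transmission opportunities of one station: the
    latency the text describes.
    """
    pending = [frames_per_station] * n_stations
    last_turn = [0] * n_stations
    slots = max_wait = 0
    holder = 0
    while any(pending):
        max_wait = max(max_wait, slots - last_turn[holder])
        last_turn[holder] = slots
        if pending[holder]:
            pending[holder] -= 1
            slots += 1
        slots += token_pass_cost
        holder = (holder + 1) % n_stations
    return slots, max_wait


def compare(n_stations, frames_per_station, seed=1):
    """Side-by-side figures for one workload."""
    slots_c, collisions = simulate_csma_cd(n_stations, frames_per_station, seed)
    slots_t, max_wait = simulate_token(n_stations, frames_per_station)
    return {
        "frames": n_stations * frames_per_station,
        "csma_cd": {"slots": slots_c, "collisions": collisions},
        "token": {"slots": slots_t, "max_wait": max_wait},
    }


if __name__ == "__main__":
    for n in (2, 8, 32):
        print(n, "stations:", compare(n, 4))
```

Raising the station count shows the trade-off in the text directly: collisions grow with the number of contending stations, while the token ring stays collision-free but every station's wait grows with the ring size.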

Summary

Understanding the different physical and logical topologies is an important skill set for the information security professional. Knowing how a network is laid out and how the devices communicate on that network can help you make better security decisions to protect your environment and prevent incidents from occurring.

The OSI Reference Model

The Open Systems Interconnect (OSI) reference model is commonly used to describe in an abstract manner the functions involved in data communication. This model, originally conceived in the International Organization for Standardization (ISO), defines data communications functions in terms of layers.

In the OSI reference model, each layer is responsible for certain basic functions, such as getting data from one device to another or from one application on a computer to another. The functions at each layer both depend and build on the functions (called services) provided by the layers below it. Communication between peer entities at a given layer is done via one or more protocols; this communication is invoked via the interface with the layer below.

The OSI reference model is depicted in Table 0.1. Successful communication between two applications depends on successful functions at all seven layers. In terms of implementation, it is possible for some layers to be trivial; in the end what is required depends on the needs of the applications (and people) engaged in communication.

Table 0.1: OSI Reference Model

Layer   Title
7       Application     Higher Layers
6       Presentation
5       Session
4       Transport
3       Network         Lower Layers
2       Data Link
1       Physical


We must emphasize that the definition of a layered data communication architecture is only an abstraction. The intent of this definition is to unambiguously describe the functions involved in data communication in a way which allows different systems to be compared. The OSI reference model definition is intended to neither imply nor constrain the implementation of any communication system.

Although various companies and standards bodies have created different layered communications models, the OSI reference model remains the universally-accepted common denominator for abstract definition. Other models define the layer functions somewhat differently and often have fewer than seven layers. In some cases constituent protocols were specified before the abstract models defining the end-to-end communication.

Layer 1 - The Physical Layer

The physical layer functions include all physical aspects of communicating between two directly-connected physical entities. Typically these physical properties include electromechanical characteristics of the medium or link between the communicating physical entities such as connectors, voltages, transmission frequencies, etc. This layer summarizes the physics which underlie the communication path.

The essential service provided by the physical layer consists of an unstructured bit stream, which can be used by higher layers to provide the basis for higher layer communication services. An example of a physical layer is the ink on paper used by this book to convey information. Another example is the radio frequencies used in a wireless communications system.

Layer 2 - The Data Link Layer

The data link layer accepts the unstructured bit stream provided by the physical layer and provides reliable transfer of data between two directly-connected Layer 2 entities. "Directly-connected" means that the Layer 2 entities' communication path does not require another Layer 2 entity. However, this does not imply a dedicated path; in the case of Ethernet, many Layer 2 entities can be sharing a common (physical) medium such as a coaxial cable or a 10BASE-T hub.

Layer 2 functionality is limited in scope: delivery of messages over a local area. It could be likened to an intra-office correspondence between co-workers; there is a need for reliability but addressing is relatively simple. Local area networks (LANs) operate at Layer 2.

The data link layer is itself conceptually subdivided into two sublayers, medium access control and logical link control, which more specifically define the primary aspects of data link layer functionality. However, this conceptual partitioning by the IEEE 802 committee is somewhat arbitrary and subject to debate.

The MAC Sublayer

The medium access control (MAC) sublayer is closely associated with the physical layer and defines the means by which the physical channel (medium) may be accessed. It coordinates the attempts to seize a shared channel by multiple MAC entities, much as a school teacher must arbitrate between pupils' conflicting desires to speak. The MAC layer commonly provides a limited form of error control, especially for any header information which defines the MAC-level destination and higher-layer access mechanism.

Ethernet (IEEE 802.3) is a prime example of a shared medium with a defined MAC sublayer functionality. The shared medium in Ethernet has traditionally consisted of a coaxial cable into which multiple entities were "tapped," as depicted in Figure 0.5. Although this topology still applies conceptually, a hub and spoke medium is now typically used, in which the earlier coaxial cable has been physically collapsed into a hub device.

Figure 0.5: Ethernet MAC System

As a contention medium, Ethernet defines how devices sense a channel for its availability, wait when it is busy, seize the channel when it becomes available and back off for a random length of time following a collision with another simultaneously transmitting device. On a shared channel, such as Ethernet, only a single entity can transmit at a time or messages will be garbled.

Not all shared channels involve contention. A prime example of a contentionless shared medium is token ring (IEEE 802.5), in which control of the channel is rotated between the devices sharing the channel in a deterministic round-robin manner. Conceptually, control of the channel is given to the entity currently possessing a "token." If the device has nothing to transmit, it passes the token to the next device attached to the topological "ring," depicted in Figure 0.6.

Figure 0.6: Token Ring MAC System

IEEE-defined MAC sublayer addresses are six bytes long and permanently assigned to each device, typically called a network interface card or NIC. The IEEE administers the assignment of these addresses in blocks to manufacturers to assure the global uniqueness that the MAC sublayer protocols rely on for "plug 'n play" network setup. Each manufacturer must assure individual device identifier uniqueness within their assigned block.
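To show what the six-byte address structure above means in practice, here is an added example (not from the original post) that splits an address into its IEEE-assigned block and device identifier and reads the two administrative bits of the first byte; the OUI-to-manufacturer table is a constructed stand-in, not the IEEE registry.

```python
import re

# Six hex bytes with ':' or '-' separators used consistently, or no separators.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")

# Constructed stand-in for the IEEE block registry (OUI -> manufacturer).
# Both entries are invented for this example, not real assignments.
SAMPLE_OUI_TABLE = {
    "3c:5a:b4": "Example NIC Maker A (constructed)",
    "d4:81:d7": "Example NIC Maker B (constructed)",
}


def parse_mac(text):
    """Split a MAC address into its IEEE-defined parts; ValueError if malformed."""
    if not MAC_RE.match(text):
        raise ValueError(f"not a six-byte MAC address: {text!r}")
    raw = bytes.fromhex(re.sub(r"[-:]", "", text))
    first = raw[0]
    oui = ":".join(f"{b:02x}" for b in raw[:3])
    return {
        "oui": oui,                                           # manufacturer's block
        "device_id": ":".join(f"{b:02x}" for b in raw[3:]),  # assigned by the maker
        # least-significant bit of the first byte: 0 = individual, 1 = group
        "multicast": bool(first & 0x01),
        # next bit: 0 = universally administered (from an IEEE block),
        # 1 = locally administered (set by an administrator or by software)
        "locally_administered": bool(first & 0x02),
        "manufacturer": SAMPLE_OUI_TABLE.get(oui),
    }


def audit(addresses):
    """Classify observed source addresses by how far the IEEE uniqueness
    guarantee can be trusted: 'registered' (known block), 'unknown-oui',
    'local' (not manufacturer-assigned), 'multicast' (never a valid
    source address) or 'invalid'."""
    verdicts = {}
    for addr in addresses:
        try:
            info = parse_mac(addr)
        except ValueError:
            verdicts[addr] = "invalid"
            continue
        if info["multicast"]:
            verdicts[addr] = "multicast"
        elif info["locally_administered"]:
            verdicts[addr] = "local"
        elif info["manufacturer"] is None:
            verdicts[addr] = "unknown-oui"
        else:
            verdicts[addr] = "registered"
    return verdicts


if __name__ == "__main__":
    # Constructed sample of addresses seen on one segment.
    seen = ["3C:5A:B4:10:20:30", "02:42:ac:11:00:02", "01:00:5e:00:00:01",
            "aa-bb-cc-dd-ee", "d4:81:d7:ff:00:01"]
    for addr, verdict in audit(seen).items():
        print(f"{addr:20} {verdict}")
```

A locally administered or unregistered source address is not necessarily hostile, but it is one the manufacturer never vouched for, so an inventory check cannot rely on it being unique.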

The LLC Sublayer

The logical link control (LLC) sublayer is responsible for reliable transfer of messages, called frames or, more formally, link protocol data units (LPDUs), between two directly-connected Layer 2 entities. Functions needed to support this reliable transfer include framing (indicating where a Layer 2 message begins and ends), sequence control, error control and flow control.

The degree to which sequence, error and flow control are provided by the LLC sublayer is determined by whether the link protocol is connection-oriented or connectionless. A connectionless link protocol provides little if any support for these functions. A connection-oriented link might use a windowing technique for these functions, in which frames are individually numbered and acknowledged by their sequence number, with only a few such frames outstanding at any time.
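The windowing technique just described, as an added example that is not part of the original page: a go-back-N sender and an in-order receiver over a link with a constructed loss pattern, showing frame numbering, a bounded number of outstanding frames and cumulative acknowledgement by sequence number.

```python
def go_back_n(payloads, window, drop_first_attempt=frozenset()):
    """Deliver `payloads` in order over a link that loses frames.

    Sender: frames are numbered from 0 and at most `window` of them may be
    outstanding (sent but not yet acknowledged). Receiver: accepts only the
    frame it expects next and answers with a cumulative acknowledgement of
    everything received in order; an out-of-order frame is discarded.
    Loss model (constructed): the FIRST transmission of every sequence
    number in `drop_first_attempt` is lost; retransmissions get through.
    One pass of the outer loop is one round trip.
    Returns (delivered_payloads, total_transmissions).
    """
    base = 0               # sender: oldest unacknowledged sequence number
    expected = 0           # receiver: next in-order sequence number
    delivered = []
    transmissions = 0
    sent_once = set()
    while base < len(payloads):
        seq = base
        # send the whole window: base .. base + window - 1
        while seq < base + window and seq < len(payloads):
            transmissions += 1
            lost = seq in drop_first_attempt and seq not in sent_once
            sent_once.add(seq)
            if not lost and seq == expected:
                delivered.append(payloads[seq])
                expected += 1
            # a lost frame never arrives; a frame with seq > expected is
            # discarded by the receiver and will be resent when the sender
            # goes back to `base`
            seq += 1
        # cumulative ACK: the receiver reports `expected`. If it did not
        # move past `base`, the sender times out and resends from `base`
        # (the "go back N" in the name).
        base = expected
    return delivered, transmissions


def retransmissions(payloads, window, drop_first_attempt=frozenset()):
    """How many extra transmissions the loss pattern cost."""
    _, sent = go_back_n(payloads, window, drop_first_attempt)
    return sent - len(payloads)


if __name__ == "__main__":
    frames = list("ABCDEFG")
    print(go_back_n(frames, window=3, drop_first_attempt={1, 5}))
    print("window 1 (stop-and-wait):", go_back_n(frames, 1, {0}))
```

With window 1 the same code degenerates into stop-and-wait, which is the connection-oriented extreme the text contrasts with connectionless links that do none of this.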

The connection-oriented functions of sequencing, error and flow control provide a foundation for services provided by higher layers. As mentioned earlier, not all layer or sublayer functions are explicitly designed or implemented in any given system. Provision of these functions depends on the services required by higher layers.

If the connection-oriented functions of the LLC sublayer are not implemented, they must be performed by higher layers for reliable end-to-end communication. If these functions are provided by several layers, they might be somewhat redundant and add unnecessary overhead (inefficiency) to the system. In the worst case, redundant provision of these functions at multiple layers could serve cross purposes and actually degrade overall system performance.

Connectionless Layer 2 protocols are best suited for high quality transmission media. With high quality transmission media, errors are rarely introduced in the transmission between network layer entities and discovery of and recovery from errors is most efficiently handled by the communicating hosts. In this case, it is better to move the packets quickly across the traversed subnetworks from source to destination rather than checking for errors at Layer 2.

Frame relay is derived from the X.25 (ISO 8208) protocol which spans Layers 2 and 3. X.25 is a connection-oriented packet-switching technology which defines how neighboring packet switches exchange data with one another in a reliable manner from end-to-end. Frame relay simply removes the connection-oriented functions of error and sequence control; however, congestion control functions are provided in frame relay, to prevent the total traffic seen at any point in the network from overwhelming it.

Connection-oriented Layer 2 protocols are best suited for low quality transmission media where it is more efficient and cost-effective to discover and recover from errors as they occur on each hop than to rely on the communicating hosts to perform error recovery functions. With ever-increasing quality of transmission facilities and decreasing costs of computation capability at hosts, the need for connection-oriented network layer protocols is diminishing. However, X.25 remains popular outside of North America, where it has been tariffed at levels which encourage its use.

Layer 3 - The Network Layer

The network layer defines the functions necessary to support data communication between indirectly-connected entities. It provides the capability of forwarding messages from one Layer 3 entity to another until the final destination is reached.

The network layer introduces another layer of abstraction to the data communications model. It moves messages, called packets or, more formally, network protocol data units (NPDUs), between communicating Layer 3 entities, called end systems, nodes or hosts. Network layer functions include route determination or routing and forwarding of packets to their final destinations.

In order to forward a packet to its destination host, routing information must be provided to the intermediate systems (ISs) or routers responsible for forwarding packets to their respective destinations. This routing information includes the address of the destination, which is contained in each packet. The next hop to be traversed by the packet is determined primarily by this destination address. We will talk more about addressing and routing in Chapter 1.

This packet forwarding and routing is accomplished independently of both the media and transmission types used at any step along the way. The unimportance of local topology to the network layer is demonstrated by the common use of "cloud diagrams" to depict networks, as in Figure 0.7. Since the network layer is concerned with getting packets across many local networks, called subnetworks, its title would be more accurate if it were the "Internetwork Layer."

Figure 0.7: Network Layer "Cloud" Diagram

The network layer functionality is global in scope: delivery of messages over a wide area. It could be likened to the postal system, in which correspondence is passed from location to location until it eventually reaches the destination address on the envelope. The network layer is the domain of wide area networks (WANs).

In order for routers to know how (i.e., on which link) to forward packets, they must have some knowledge of network topology. This knowledge may be complete or partial, and is dynamically created and maintained via routing protocols, used by routers to share their knowledge of network topology with each other. Routing is essentially the reduction of global internetwork topology to local "hop-by-hop" routing decisions made independently by each router.

As with Layer 2, Layer 3 protocols may be connection-oriented or connectionless. A connection-oriented Layer 3 protocol, such as X.25 (ISO 8208), operates more statically. The basic idea is that an end-to-end route (X.25 virtual connection) is established from the originating data terminal equipment (DTE) to data communications equipment (DCE), from DCE to DCE through the network, then from the last DCE to the terminating DTE; this is the call setup. Packets are then transmitted via this prearranged route, with all packets following the same path through the network. Finally the route is torn down (release) and packets cease flowing.

X.25 operation is like a phone call because it is a phone call. X.25 Layer 3 operation assumes that a reliable connection-oriented service is provided by Layer 2 (also defined by the X.25 standard), although it does provide flow control via sequence numbers.

Connectionless Layer 3 protocols, such as the ever popular internet protocol (IP) (RFC 791 and 792) and its ISO counterpart connectionless network protocol (CLNP) (ISO 8473), route packets dynamically. There is no prearranged path which is followed by subsequent packets flowing from one host to another. Instead each packet is individually routed through a routing mesh; there is no reason to believe that sequential packets flowing between hosts will follow the same path. So sequence errors may be introduced at Layer 3, which must be corrected by a higher layer entity.

Connectionless data packets are commonly referred to as datagrams and the service provided by connectionless Layer 3 protocols is referred to as datagram service. Stateless datagram service is simpler for Layer 3 entities than connection-oriented network layer services. Because there is no state information to maintain, dynamic routing protocols can be used. If a router fails during the dialogue between two communicating hosts, neighboring routers will discover this via the routing protocols and find alternate routes which bypass the failed router.
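The hop-by-hop reduction described above, as an added example not from the page: a constructed five-router cloud, per-router next-hop tables built with Dijkstra's least-cost search (standing in for whatever routing protocol the routers speak), and a forwarding walk in which each router consults only its own table and which survives a router failure because the tables are recomputed around it.

```python
import heapq

# Constructed internetwork "cloud": undirected links between routers and
# the cost of each link. Not taken from any real network.
TOPOLOGY = {
    ("R1", "R2"): 1, ("R1", "R3"): 4, ("R2", "R3"): 1, ("R2", "R4"): 5,
    ("R3", "R4"): 1, ("R4", "R5"): 1, ("R3", "R5"): 6,
}


def adjacency(links, failed=frozenset()):
    """Neighbour map built from the link list, with failed routers removed
    (this stands in for the routing protocol noticing a dead neighbour)."""
    adj = {}
    for (a, b), cost in links.items():
        if a in failed or b in failed:
            continue
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def next_hop_table(adj, source):
    """The only thing a router keeps: destination -> neighbour to hand the
    packet to. Computed with Dijkstra's least-cost search from `source`."""
    dist = {source: 0}
    first_hop = {}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:          # stale queue entry, already improved on
            continue
        for nbr, cost in adj.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                first_hop[nbr] = nbr if node == source else first_hop[node]
                heapq.heappush(heap, (nd, nbr))
    return first_hop


def forward(links, src, dst, failed=frozenset(), max_hops=16):
    """Walk a packet from src to dst. Each router looks up the destination
    address carried in the packet in its own table; no router holds the
    whole path. Returns the list of routers traversed."""
    adj = adjacency(links, failed)
    tables = {router: next_hop_table(adj, router) for router in adj}
    path, here = [src], src
    while here != dst:
        if len(path) > max_hops:
            raise RuntimeError("hop limit exceeded; suspected routing loop")
        nxt = tables.get(here, {}).get(dst)
        if nxt is None:
            raise RuntimeError(f"{here} has no route to {dst}")
        path.append(nxt)
        here = nxt
    return path


if __name__ == "__main__":
    print("normal:    ", forward(TOPOLOGY, "R1", "R5"))
    print("R3 failed: ", forward(TOPOLOGY, "R1", "R5", failed={"R3"}))
```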

Layer 4 - The Transport Layer

The transport layer is concerned with getting Layer 4 messages, called segments or, more formally, transport protocol data units (TPDUs), from source to destination in a reliable manner. The perspective of Layer 4 is of end-to-end communications rather than the hop-by-hop perspective of Layer 3. Layer 4 assumes that packets can be moved from network entity to network entity, eventually getting to the final destination host. How this is accomplished is of no concern to Layer 4 functionality.

Like other layers, transport layer protocols can be either connection-oriented or connectionless, depending on the services required by higher layers. A common implementation of Layers 3 and 4 involves a connection-oriented transport layer protocol running over a connectionless network layer protocol, such as the ubiquitous TCP/IP protocol suite. In this instance, the communicating hosts maintain state information on communications with each other to determine when and what to send. This state information defines the connection between the communicating Layer 4 entities.

The general idea here is that two communicating hosts need not be concerned with the topology of the internetwork which lies between them. They only need to know the state of their pairwise communication. If part of the intervening internetwork "cloud" suffers a failure, the Layer 3 entities (routers) will deal with it and recover dynamically. Aside from potential retransmission of any lost segments, the hosts' Layer 4 entities do not have to be at all concerned with routing and recovery activities at Layer 3.

In the IP protocol suite, the primary connectionless Layer 4 protocol is the User Datagram Protocol (UDP) (RFC 768), which is carried by IP; the primary connection-oriented protocol is the Transmission Control Protocol (TCP) (RFC 793). The ISO world defines five classes of transport layer protocol, beginning with Class 0 (TP-0) for connectionless operation and ranging up to Class 4 (TP-4) (ISO 8073) for connection-oriented operation.

Layer 5 - The Session Layer

The session layer provides a control structure for communication between applications on hosts. The communication at layer 5 is called a session, which defines the relative timing of communications between the hosts' applications. Synchronization of communicating applications comes into play when coordinated timing of corresponding events at the endpoints is imperative, such as in financial transactions.

Remember, layers define communication functions, not implementations. It is unlikely that a session layer would be explicitly implemented as a stand-alone program, although its functions would be implemented somewhere. Session layer functions depend on the reliability of communications between the endpoints, and session layer functions must therefore be implemented above Layer 4.

Layer 6 - The Presentation Layer

The presentation layer performs any necessary data transformations or formatting required by the end applications. Functions provided by the presentation layer include data compression, file formatting and encryption. Common data formatting is important because it allows the same application file to be accessed by the application running on different computer platforms. This book is itself the product of an application running on different platforms, with common files being modified via these different platforms.

Abstract Syntax Notation (ASN.1) is commonly used to specify data values in a way which allows processors to communicate independent of their varying native integer sizes, bit orderings (big or little endian), character sets, etc. ASN.1 is a transfer syntax, a presentation layer formatting, which appears frequently in the CDPD specification for unambiguous definition of network management, accounting, limited size messaging and other functions.

An example of ASN.1 encoding from an accounting Traffic Matrix Segment in the CDPD specification is the following:

    TrafficType ::= INTEGER {
        registration   (0),
        deregistration (1),
        ip             (2),
        clnp           (3)
    }
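BER encoding of the TrafficType values shown above, as an added example that is not taken from the CDPD specification: the INTEGER tag 0x02, a short-form length and minimal two's-complement contents octets, with a decoder that rejects truncated and non-minimal encodings rather than quietly accepting them.

```python
# Named values exactly as in the TrafficType definition on the page.
TRAFFIC_TYPE = {"registration": 0, "deregistration": 1, "ip": 2, "clnp": 3}
NAME_BY_VALUE = {v: k for k, v in TRAFFIC_TYPE.items()}
INTEGER_TAG = 0x02


def encode_integer(value):
    """Tag, short-form length and the fewest two's-complement octets that
    hold `value` (the minimal encoding BER requires for INTEGER)."""
    length = 1
    while not -(1 << (8 * length - 1)) <= value < (1 << (8 * length - 1)):
        length += 1
    content = value.to_bytes(length, "big", signed=True)
    return bytes([INTEGER_TAG, len(content)]) + content


def encode_traffic_type(name):
    """Encode one of the named TrafficType values."""
    return encode_integer(TRAFFIC_TYPE[name])


def decode_integer(data):
    """Return (value, bytes_consumed) for a BER INTEGER at the start of `data`.

    Rejects a wrong tag, a truncated or empty contents field and a
    non-minimal encoding (a leading 0x00 or 0xFF octet that carries no
    information), since accepting several encodings of one value is how
    two parsers come to disagree about the same message.
    """
    if len(data) < 2 or data[0] != INTEGER_TAG:
        raise ValueError("expected INTEGER tag 0x02")
    length = data[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this example")
    content = data[2:2 + length]
    if length == 0 or len(content) != length:
        raise ValueError("empty or truncated INTEGER contents")
    if length > 1 and (
        (content[0] == 0x00 and not content[1] & 0x80)
        or (content[0] == 0xFF and content[1] & 0x80)
    ):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(content, "big", signed=True), 2 + length


def decode_traffic_type(data):
    """Decode and map back to the name; unknown values are an error, not a
    silently accepted fifth traffic type."""
    value, used = decode_integer(data)
    if value not in NAME_BY_VALUE:
        raise ValueError(f"unknown TrafficType value {value}")
    return NAME_BY_VALUE[value], used


if __name__ == "__main__":
    for name in TRAFFIC_TYPE:
        print(f"{name:15} -> {encode_traffic_type(name).hex()}")
```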

Layer 7 - The Application Layer

The application layer provides the services which directly support an application running on a host. These services are directly accessible by an application via common well-known application program interfaces (APIs), which can actually occur at many layers. Examples of layer 7 services include FTP (file transfer protocol), Telnet and SNMP (simple network management protocol). Most network management activities are based on the services provided by layer 7 application entities, which in turn rely on lower layer services to be able to perform their functions.