
Network Architecture

Fundamentals
Niranjana.S.Karandikar
Networking Devices
Hub
Switch
Router
Gateway
Modem
Firewall
IPS
IDS
DHCP
DNS
UTM
Server
HUB
Operates at the physical layer (Layer 1): a multiport repeater
Depending upon the topology the placement of the hub varies
Has no address table and asks nobody anything: it repeats every frame out of every port except the one it arrived on
Every node shares one collision domain and can see every other node's traffic
Switch
Smarter than the hub
Smarter WHY???
Operates at the data link layer (Layer 2)
Contains a MAC address table (CAM table), not an ARP table: ARP maps IP to MAC and lives on hosts and routers, a plain Layer 2 switch does not look at IP addresses at all
MAC address table contains:
Ports (switch ports, not system ports)
MAC address learned from the source field of each frame
Forwards a frame only to the port where the destination MAC was learned; unknown destinations are flooded to all ports
Each port is its own collision domain, so ports carry traffic in parallel (a hub shares one collision domain among all nodes)
In case of a MAC flooding DoS (CAM table overflow) it can no longer learn addresses, floods everything, and acts like a HUB
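The point about the switch degrading into a hub is easiest to see in code. The following is an added simulation (not code from the slides): a learning switch with a small, assumed CAM table size and an assumed aging time; a flooding attacker fills the table with bogus source MACs, and once the legitimate entries age out the switch has nowhere to learn them, so host-to-host traffic is flooded to the attacker's port as well.

```python
"""Learning switch vs. hub behaviour, and MAC-table overflow (an added example, not from the slides)."""
import random
from dataclasses import dataclass, field

AGING_SECONDS = 300  # assumed MAC-table aging time; real switches default to a few minutes


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ingress_port: int


@dataclass
class LearningSwitch:
    num_ports: int
    table_capacity: int  # assumed (tiny) CAM-table size so the overflow is easy to show
    mac_table: dict = field(default_factory=dict)  # MAC -> (port, last_seen)

    def _age_out(self, now):
        stale = [m for m, (_, seen) in self.mac_table.items() if now - seen > AGING_SECONDS]
        for m in stale:
            del self.mac_table[m]

    def _learn(self, frame, now):
        # Learn the source MAC on the ingress port; a full table cannot take new entries.
        if frame.src_mac in self.mac_table or len(self.mac_table) < self.table_capacity:
            self.mac_table[frame.src_mac] = (frame.ingress_port, now)

    def forward(self, frame, now=0):
        """Return the set of egress ports the frame goes out of."""
        self._age_out(now)
        self._learn(frame, now)
        entry = self.mac_table.get(frame.dst_mac)
        if entry is not None and entry[0] != frame.ingress_port:
            return {entry[0]}  # known destination: forward to that port only
        # Unknown destination (or broadcast): flood every port except the ingress one, like a hub.
        return set(range(self.num_ports)) - {frame.ingress_port}


def mac_flood(switch, attacker_port, count, now, rng):
    """Attacker sends frames with random source MACs to fill the table (a MAC flooding DoS)."""
    for _ in range(count):
        fake = "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))
        switch.forward(Frame(fake, "ff:ff:ff:ff:ff:ff", attacker_port), now)


def demo():
    sw = LearningSwitch(num_ports=4, table_capacity=64)
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"  # on ports 0 and 1; attacker on port 2
    before_learning = sw.forward(Frame(host_a, host_b, 0), now=0)  # B unknown: flooded
    reply = sw.forward(Frame(host_b, host_a, 1), now=1)            # A known: unicast to port 0
    steady = sw.forward(Frame(host_a, host_b, 0), now=2)           # both known: unicast to port 1
    # Much later the legitimate entries have aged out; the attacker keeps the table full of junk,
    # so A and B can no longer be learned and their traffic is flooded to the attacker's port too.
    later = 2 + AGING_SECONDS + 1
    mac_flood(sw, attacker_port=2, count=500, now=later, rng=random.Random(1))
    after_attack = sw.forward(Frame(host_a, host_b, 0), now=later)
    return {
        "before_learning": before_learning,
        "reply": reply,
        "steady": steady,
        "after_attack": after_attack,
        "table_size": len(sw.mac_table),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The defensive counterpart on a real switch is port security (limit the number of MACs learned per port) so the table cannot be filled from one access port.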
Router
Forwards data packets BETWEEN networks
Contains a routing table:
Information on which interface or next hop leads to a particular group of addresses (prefix); the longest matching prefix wins
Priorities (metrics) for connections to be used when more than one route covers the same destination
Rules for handling both routine and special cases of traffic: a default route for everything not listed, null routes that silently drop traffic




Jobs
Ensures that information doesn't go where it's
not needed
Information does make it to the intended
destination
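The routing-table behaviour described above (longest-prefix match, metrics as priorities, a default route, and a null route for traffic that must not go anywhere) as an added example, not from the slides. The prefixes, next hops and interface names are made up.

```python
"""Router forwarding with longest-prefix match, metrics, a null route and a default route
(an added example; the prefixes and next hops are made up)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str       # "direct" = destination is on this interface's own subnet
    interface: str      # "null0" = discard
    metric: int = 0     # lower is preferred when two routes have the same prefix length


class RoutingTable:
    def __init__(self, routes):
        # Most specific prefix first, then lowest metric: the order a lookup should try them in.
        self.routes = sorted(routes, key=lambda r: (-r.prefix.prefixlen, r.metric))

    def lookup(self, dst):
        addr = ipaddress.IPv4Address(dst)
        for route in self.routes:
            if addr in route.prefix:
                return route
        return None  # no route at all (no default): the packet is dropped


def forward(table, dst):
    """Decide what the router does with a packet for dst: ('drop'|'deliver'|'forward', detail)."""
    route = table.lookup(dst)
    if route is None or route.interface == "null0":
        return ("drop", None)                 # "doesn't go where it's not needed"
    if route.next_hop == "direct":
        return ("deliver", route.interface)   # on-link: ARP for dst and hand the frame over
    return ("forward", route.next_hop)        # off-link: send to the next-hop router


ROUTES = [
    Route(ipaddress.ip_network("10.1.2.0/24"), "direct", "eth1"),                # connected subnet
    Route(ipaddress.ip_network("10.0.0.0/8"), "10.1.2.254", "eth1", metric=10),  # primary path
    Route(ipaddress.ip_network("10.0.0.0/8"), "192.0.2.1", "eth0", metric=20),   # backup path
    Route(ipaddress.ip_network("10.99.0.0/16"), "null0", "null0"),              # blackhole
    Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "eth0"),            # default route
]
TABLE = RoutingTable(ROUTES)
TABLE_NO_DEFAULT = RoutingTable(ROUTES[:-1])


if __name__ == "__main__":
    for dst in ("10.1.2.5", "10.7.7.7", "10.99.1.1", "8.8.8.8"):
        print(dst, forward(TABLE, dst), forward(TABLE_NO_DEFAULT, dst))
```

Note that 10.99.1.1 is inside 10.0.0.0/8, yet the /16 null route wins because it is more specific; that is exactly how a router is told to sinkhole a range it must never forward.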

Switch, Hub, Router???
Intelligence is the key difference!!!
Hub: Layer 1, repeats bits to every port
Switch: Layer 2, forwards frames by MAC address within a network
Router: Layer 3, forwards packets by IP address between networks
Segments, Packets, Frames
Each layer adds its own header:
Segment: Transport layer (TCP/UDP) = transport header + data (from the upper layer)
Packet: Internet/Network layer (IP) = IP header + segment (transport header and data)
Frame: Data link layer (Ethernet) = frame header (and trailer) + packet (IP header, transport header and data from the three upper layers)
So the difference between segment, packet and frame is what the respective layer considers "data": in a segment the data comes from the application layer, in a packet the data is the whole segment (transport header + data), and in a frame the data is the whole packet (IP and transport headers + application data).

To be precise:
Segment = original data + Transport Layer header.
Packet = Segment + Network Layer header.
Frame = Packet + Data Link Layer header (and trailer).
So if we put the headers aside, the same original data sits inside the segment, the packet and the frame; each name just says how far down the stack it has been wrapped.
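The encapsulation above, done by hand with the real header layouts, as an added example (not code from the slides): a 16-byte HTTP request becomes a 36-byte TCP segment, a 56-byte IPv4 packet and a 70-byte Ethernet frame, and peeling the layers back off returns the original bytes. The IP and MAC addresses are documentation/test values.

```python
"""Build a TCP segment, wrap it in an IPv4 packet and an Ethernet frame, then peel the layers off again
(an added example; addresses are documentation/test values)."""
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when run over data that already carries its checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_segment(payload, sport, dport, src_ip, dst_ip, seq=0, ack=0, flags=0x18):
    """Segment = 20-byte TCP header + application data. The TCP checksum covers a pseudo-header
    with the IP addresses, which is why the transport layer needs them."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, 20 + len(payload))
    csum = checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_packet(segment, src_ip, dst_ip, ttl=64):
    """Packet = 20-byte IPv4 header (protocol 6 = TCP) + segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000, ttl, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = checksum(header)  # the IPv4 checksum covers the header only, not the payload
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_frame(packet, src_mac, dst_mac):
    """Frame = 14-byte Ethernet header (EtherType 0x0800 = IPv4) + packet (FCS trailer omitted)."""
    return struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), 0x0800) + packet


def decapsulate(frame):
    """Strip frame -> packet -> segment -> payload, verifying both checksums on the way."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    segment = packet[ihl:total_len]
    sport, dport, seq, ack, offset, flags, _, _, _ = struct.unpack("!HHIIBBHHH", segment[:20])
    payload = segment[(offset >> 4) * 4:]
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    return {
        "ethertype": ethertype, "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl, "proto": proto,
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "flags": flags,
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,
        "tcp_checksum_ok": checksum(pseudo + segment) == 0,
        "payload": payload,
        "lengths": {"frame": len(frame), "packet": len(packet), "segment": len(segment), "payload": len(payload)},
    }


def http_example():
    """A constructed HTTP request from 192.0.2.10 to 198.51.100.20:80 going down and back up the stack."""
    payload = b"GET / HTTP/1.1\r\n"
    segment = build_segment(payload, 40000, 80, "192.0.2.10", "198.51.100.20", seq=1, ack=1)
    packet = build_packet(segment, "192.0.2.10", "198.51.100.20")
    frame = build_frame(packet, "02:00:00:00:00:01", "02:00:00:00:00:02")
    return decapsulate(frame)


if __name__ == "__main__":
    info = http_example()
    print(info["lengths"], info["payload"], info["ip_checksum_ok"], info["tcp_checksum_ok"])
```

A hub or switch only ever reads the first 14 bytes (the frame header), a router the next 20 (the IP header), and only the end host looks at the TCP header and the data behind it; a packet-filtering firewall looks at the IP and TCP headers, an application-level one at the payload.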
Gateway
A gateway is a router that also translates between one network system or protocol and another.
NAT (network address translation, a technique rather than a protocol) is the common example: a NAT gateway rewrites private addresses to its own public address to connect a private network to the Internet.
Modem
MOdulator + DEModulator
Converts digital data into a signal the carrier line can transmit, and back again on the other side
Firewall
Types
Packet filtering (decisions on Layer 3/4 header fields)
Application level (proxy servers that understand the protocol)
Circuit level gateways
Stateful multilayer inspection (dynamic: tracks connection state)
Working Principle
ACL : Access Control Lists, evaluated top down, first match wins
Black Listing
Allow: ALL
Deny: LISTED (anything you forgot to list gets through)
White Listing
Deny : ALL
Allow: LISTED (default deny, the safer choice at a perimeter)
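The two ACL styles side by side, as an added example (not from the slides): the same rules applied with a default-allow and a default-deny policy, plus a check for rules that can never fire because an earlier rule shadows them. Addresses are documentation ranges and the host roles are assumed.

```python
"""Packet-filter ACL evaluation: blacklist (default allow) vs. whitelist (default deny), plus a
rule-shadowing check (an added example; addresses are documentation ranges)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    proto: str                        # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None       # None = any destination port

    def matches(self, proto, src, dst, dport):
        return ((self.proto == "any" or self.proto == proto)
                and ipaddress.IPv4Address(src) in self.src
                and ipaddress.IPv4Address(dst) in self.dst
                and (self.dport is None or self.dport == dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and (self.dport is None or self.dport == other.dport))


class AccessList:
    def __init__(self, rules, default):
        self.rules, self.default = list(rules), default

    def evaluate(self, proto, src, dst, dport):
        """First matching rule wins; otherwise the default policy applies."""
        for i, rule in enumerate(self.rules):
            if rule.matches(proto, src, dst, dport):
                return rule.action, i
        return self.default, None

    def shadowed_rules(self):
        """Indices of rules that can never fire because an earlier rule already covers them."""
        return [j for j, later in enumerate(self.rules)
                if any(earlier.covers(later) for earlier in self.rules[:j])]


INTERNET, WEB_SERVER = ANY, ipaddress.ip_network("10.0.0.5/32")

# Blacklist: block the services we have thought of, let everything else through.
BLACKLIST = AccessList([
    Rule("deny", "tcp", INTERNET, WEB_SERVER, 23),    # telnet
    Rule("deny", "tcp", INTERNET, WEB_SERVER, 445),   # SMB
], default="allow")

# Whitelist: permit only the services the host is meant to expose.
WHITELIST = AccessList([
    Rule("allow", "tcp", INTERNET, WEB_SERVER, 80),
    Rule("allow", "tcp", INTERNET, WEB_SERVER, 443),
], default="deny")

# A mis-ordered list: the broad allow on top shadows the deny beneath it.
MISORDERED = AccessList([
    Rule("allow", "any", INTERNET, WEB_SERVER),
    Rule("deny", "tcp", INTERNET, WEB_SERVER, 23),
], default="deny")


if __name__ == "__main__":
    for port in (23, 443, 3389):
        print(port, BLACKLIST.evaluate("tcp", "203.0.113.9", "10.0.0.5", port),
              WHITELIST.evaluate("tcp", "203.0.113.9", "10.0.0.5", port))
    print("shadowed:", MISORDERED.shadowed_rules())
```

The RDP probe on port 3389 is the telling case: nobody listed it, so the blacklist lets it through and the whitelist stops it.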
IDS
Intrusion Detection System
PASSIVE (fed from a mirror/SPAN port or tap, out of the traffic path)
Monitors
Identifies malicious or suspicious activity
Generates logs (useful for auditing and later investigation)
ALERTS, but does not block
IDS-Architecture
Types
NIDS
HIDS
Signature based
Heuristic or Anomaly based
Signature based
Pattern matching against a database of known attack patterns: black listing
Allows all except the listed ones in the DB
Weak spot: new or modified attacks (anything not in the DB yet) get through!!!
Heuristic based
Looks for behaviour that deviates from a learned baseline of normal activity
Acceptable events are predefined
Activity classified as:
i. Good/benign
ii. Suspicious
iii. Unknown
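Both detection styles run over a handful of constructed web-server log lines, as an added example (the log lines are made up, not real traffic, and not from the slides). The signature scan catches a plain SQL injection probe and misses the same probe URL-encoded unless the path is normalised first (the "modified attack" problem); the baseline scan does not see either probe as abnormal but flags the burst of requests that follows, and labels a never-seen path as unknown rather than bad.

```python
"""Signature-based vs. anomaly-based detection over constructed web-server log lines
(an added example; the log lines are made up, not real traffic)."""
import re
from collections import Counter
from urllib.parse import unquote

LOG_RE = re.compile(r"^(\S+) (\S+) (.+) (\d{3})$")  # "src method path status"

# Signature database: patterns of known attacks (a blacklist of bad things).
SIGNATURES = {
    "sqli-or-1=1": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Baseline traffic recorded while the site was behaving normally (constructed).
BASELINE_LOG = [
    "10.0.0.11 GET /index.html 200",
    "10.0.0.11 GET /about.html 200",
    "10.0.0.12 GET /index.html 200",
    "10.0.0.12 GET /login 200",
    "10.0.0.13 GET /about.html 200",
]

# Traffic to inspect (constructed): one benign hit, a SQL injection probe, the same probe
# URL-encoded, a request for a path never seen before, then a burst from one source.
TEST_LOG = [
    "10.0.0.11 GET /index.html 200",
    "203.0.113.5 GET /login?user=admin' OR 1=1-- 500",
    "203.0.113.5 GET /login?user=admin%27%20OR%201%3D1-- 500",
    "10.0.0.13 GET /admin 404",
] + [f"203.0.113.5 GET /search?q={i} 404" for i in range(7)]


def parse(line):
    src, method, path, status = LOG_RE.match(line).groups()
    return src, method, path, int(status)


def signature_scan(line, normalize=False):
    """Return the names of signatures matching the request path; with normalize=True the
    path is URL-decoded first, which is what catches the encoded variant."""
    path = parse(line)[2]
    if normalize:
        path = unquote(path)
    return sorted(name for name, pattern in SIGNATURES.items() if pattern.search(path))


def build_baseline(lines):
    """Learn what 'normal' looks like: the set of paths served and the busiest single source."""
    paths, per_source = set(), Counter()
    for line in lines:
        src, _, path, _ = parse(line)
        paths.add(path.split("?")[0])
        per_source[src] += 1
    return {"paths": paths, "max_rate": max(per_source.values())}


def anomaly_scan(lines, baseline, burst_factor=3):
    """Classify each request as benign, suspicious or unknown relative to the baseline."""
    per_source, verdicts = Counter(), []
    for line in lines:
        src, _, path, _ = parse(line)
        per_source[src] += 1
        if per_source[src] > burst_factor * baseline["max_rate"]:
            verdict = "suspicious"          # far above any rate seen during the baseline
        elif path.split("?")[0] in baseline["paths"]:
            verdict = "benign"              # a predefined acceptable event
        else:
            verdict = "unknown"             # never seen, but nothing says it is bad
        verdicts.append((src, path, verdict))
    return verdicts


BASELINE = build_baseline(BASELINE_LOG)


if __name__ == "__main__":
    for line in TEST_LOG[:4]:
        print(signature_scan(line), signature_scan(line, normalize=True), line)
    for verdict in anomaly_scan(TEST_LOG, BASELINE):
        print(verdict)
```

Each method has a blind spot the other covers, which is why IDS deployments typically run both: signatures for known attacks, the baseline for the ones nobody has written a signature for yet.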

IPS
Intrusion Prevention System
ACTIVE (inline, in the traffic path, so it can stop what it sees)
Takes actions such as:
Sending an alarm to the administrator (as
would be seen in an IDS)
Dropping the malicious packets
Blocking traffic from the source address
Resetting the connection

Methods of Detection
Signature based
Anomaly Based
Signature Based
As an exploit is discovered, its signature is
recorded and stored in a continuously growing
dictionary of signatures.
Signature detection for IPS breaks down into
two types:
Exploit-facing
Vulnerability-facing
Exploit Facing
Exploit-facing signatures identify individual
exploits by triggering on the unique patterns
of a particular exploit attempt.
The IPS can identify specific exploits by finding
a match with an exploit-facing signature in the
traffic stream

Vulnerability Facing
Vulnerability-facing signatures are broader
signatures that target the underlying
vulnerability in the system that is being
targeted.
These signatures allow networks to be
protected from variants of an exploit that may
not have been directly observed in the wild,
but also raise the risk of false positives.
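The trade-off between the two signature styles, as an added example (not from the slides). The protocol, the buffer size and the four messages are all made up for a hypothetical service whose USER field overflows a 64-byte buffer; there is no real product or CVE behind it. The exploit-facing signature fingerprints the one published exploit by its NOP sled and misses a re-padded variant; the vulnerability-facing signature triggers on the condition that reaches the bug, catches the variant, and also fires on a long but harmless username.

```python
"""Exploit-facing vs. vulnerability-facing IPS signatures for a hypothetical line-based service
whose USER field overflows a fixed 64-byte buffer (an added example; the protocol, the limit and
the samples are made up, not a real product or CVE)."""
import re

FIELD_LIMIT = 64  # assumed size of the vulnerable server's username buffer

USER_LINE = re.compile(rb"^USER ([^\r\n]*)\r\n")

# Exploit-facing: fingerprints the one exploit seen in the wild by its long NOP sled.
EXPLOIT_FACING = re.compile(rb"^USER [^\r\n]*\x90{20,}")


def exploit_facing_hit(msg):
    return EXPLOIT_FACING.search(msg) is not None


def vulnerability_facing_hit(msg):
    """Triggers on the condition that reaches the bug: a USER field longer than the buffer."""
    m = USER_LINE.match(msg)
    return m is not None and len(m.group(1)) > FIELD_LIMIT


def inspect(msg):
    return {"exploit_facing": exploit_facing_hit(msg),
            "vulnerability_facing": vulnerability_facing_hit(msg)}


def ips_action(msg, mode):
    """What an inline IPS does with the message under the chosen signature style."""
    return "drop" if inspect(msg)[mode] else "pass"


# Constructed samples.
KNOWN_EXPLOIT = b"USER " + b"\x90" * 40 + b"A" * 60 + b"\r\n"   # the published exploit: sled + padding
VARIANT_EXPLOIT = b"USER " + b"B" * 100 + b"\r\n"                # same overflow, no NOP sled
LONG_LEGIT_NAME = b"USER " + b"a" * 80 + b"\r\n"                 # a long but harmless username
NORMAL_LOGIN = b"USER alice\r\n"

SAMPLES = {
    "known_exploit": KNOWN_EXPLOIT,
    "variant_exploit": VARIANT_EXPLOIT,
    "long_legit_name": LONG_LEGIT_NAME,
    "normal_login": NORMAL_LOGIN,
}


def report():
    return {name: inspect(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The false positive on the long legitimate name is the cost the slide mentions; in practice a vulnerability-facing rule is tuned with the real limit of the patched or unpatched build, not a guess.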

DHCP
Dynamic Host Configuration Protocol
Assigns IP addresses (plus subnet mask, default gateway and DNS servers) to devices as time-limited leases, then releases and renews these leases as devices leave and rejoin the network
Used in IPv4 (DHCP) as well as IPv6 (DHCPv6, alongside stateless address autoconfiguration)
DNS
Domain Name System
Distributed, hierarchical database mapping domain names to IP addresses (and other record types)
13 root server identities globally (a to m.root-servers.net), each anycast to many physical servers, not 13 machines
Below them: TLD servers (.com, .org ...), then the authoritative servers of each domain
Local DNS: recursive resolvers (ISP or corporate) that walk the hierarchy on behalf of clients and cache the answers
UTM
Unified Threat Management
Combination of several security functions in one integrated device
Eg: Router + Firewall + IDS + IPS
Server
Central repository or service provider (files, web, mail, database) that clients connect to

VPN
Virtual Private Network
Private Network In Public Network
Data transmitted through encrypted channels
DMZ
Demilitarized Zone or Perimeter Network
Public facing hosts, separated from the internal network by the firewall so a compromised public server cannot reach inside directly
Web servers
Mail servers
FTP servers
VoIP servers
