Networking Essentials For Firewall-1 Administrators. “What You Need To Know Before The Packets Flow”. Brief Networking Review. 1. Networking Protocols 2. IP Protocols 3. The OSI Seven-Layer Networking Model 4. TCP And UDP 5. IP Addresses, Subnet Masks and Routing
Networking Essentials For Firewall-1 Administrators “What You Need To Know Before The Packets Flow”
Brief Networking Review • 1. Networking Protocols • 2. IP Protocols • 3. The OSI Seven-Layer Networking Model • 4. TCP And UDP • 5. IP Addresses, Subnet Masks and Routing • 6. Address Resolution Protocol (ARP) • 7. Putting It All Together
1. Networking Protocols • IP (Internet Protocol) • It’s special for two reasons: • The Official Protocol for the Internet • The Only Protocol Supported By VPN-1/Firewall-1! • IPX (Internetwork Packet eXchange) • AppleTalk • DECnet • NetBEUI • Many, Many Others
2. IP Protocols • Some of the Values of the IP Protocol Field: • 1: Internet Control Message Protocol (ICMP) • 6: Transmission Control Protocol (TCP) • 17: User Datagram Protocol (UDP) • 50: IP Security Encapsulating Security Payload (ESP) • 51: IP Security Authentication Header (AH)
Why Use The 7 Layer Model? • Outbound Packets: • An outbound packet travels down the stack and leaves the IP host from below • At many layers, it gets wrapped in additional headers and a checksum footer
Why Use The 7 Layer Model? • Inbound Packets: • An inbound packet enters from below and travels up the stack • At many layers, it gets unwrapped and a header and checksum footer gets stripped off
Why Use The 7 Layer Model? • Each layer is effectively using the packet to communicate with only the corresponding layer on the partner IP host
Where Does Firewall-1 Fit In? • Below Layer 3 • Above Layer 2 • Both Inbound and Outbound
Firewall-1 Does These Things To A Packet • Anti-Spoof Checking: • Uses Source IP Address • Filtering: • Uses both Source and Destination IP Address • Uses both Source and Destination Ports • NAT: • Can change Source or Destination IP Address • Can change Source or Destination Port Number • Routing: • Uses Destination IP Address
4. TCP And UDP • TCP: • Connection-oriented • Missed a packet? Please re-send. • Sort of like a phone call • UDP: • Connection-less • Missed a packet? Tough. • Sort of like a radio station
Port Numbers • Only on TCP and UDP! • Q: How Does Port Address Translation Disambiguate ICMP Traffic? • A: (Discussion)
Common Port Numbers • HTTP: TCP Port 80 • Telnet: TCP Port 23 • FTP: TCP Port 21 • DNS: • Lookups: UDP Port 53 • Zone Transfers: TCP Port 53 • SMTP: TCP Port 25 • POP3: TCP Port 110
5. IP Addresses, Subnet Masks And Routing
• Dotted Quad Notation:
• This is only a way to represent 32 bits in a human-friendly format
• Example:
• 11001101|11011011|01010100|00000101 ==
• 205|219|84|5 ==
• 205.219.84.5
Dotted Quad Notation
• Another Example:
• 11111111|11111111|11111111|00000000 ==
• 255|255|255|0 ==
• 255.255.255.0
The Subnet Mask • An IP Address really consists of two contiguous parts: • A Network Number (the first N bits), followed by • A Host ID (the remaining 32-N bits) • Where N is the number of bits in the subnet mask • The bit count always sums to 32 (Assuming IPv4 here)
The Two Most Important Subnet Mask Facts • A subnet mask is always a continuous series of 1’s followed by a continuous series of 0’s, with a total count of 32 binary digits • The traditional dotted quad notation for a subnet mask is simply the decimal representation of this 32-bit mask
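The dotted-quad conversion and the two subnet mask facts above, worked in Python as an added example (this is not code from the original slides). It reuses the slides' own addresses, 205.219.84.5 and 255.255.255.0; the function names are my own. The mask validity test relies on the fact that inverting a run of 1s followed by a run of 0s gives a value one less than a power of two.

```python
# Added example (not from the original slides): dotted quad <-> 32-bit
# conversion, subnet mask validation, prefix length, and the masked
# comparison that decides whether two addresses share a subnet.

def quad_to_int(quad: str) -> int:
    """Convert a dotted quad such as '205.219.84.5' to its 32-bit integer."""
    octets = quad.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {quad!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {quad!r}")
        value = (value << 8) | n
    return value

def int_to_quad(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad notation."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary_groups(value: int) -> str:
    """Render 32 bits the way the slides do: 11001101|11011011|01010100|00000101."""
    bits = f"{value:032b}"
    return "|".join(bits[i:i + 8] for i in range(0, 32, 8))

def is_valid_mask(mask: int) -> bool:
    """A subnet mask is a contiguous run of 1s followed by a contiguous run of 0s.
    Inverting such a mask yields 2**k - 1, so (inverted + 1) & inverted is zero
    exactly for valid masks (all-ones and all-zeros included)."""
    inverted = (~mask) & 0xFFFFFFFF
    return (inverted + 1) & inverted == 0

def prefix_length(mask: int) -> int:
    """N, the number of leading 1 bits: the width of the network number."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {int_to_quad(mask)}")
    return bin(mask).count("1")

def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """Mask both addresses and compare: the per-interface test a router performs."""
    m = quad_to_int(mask)
    return quad_to_int(addr_a) & m == quad_to_int(addr_b) & m

if __name__ == "__main__":
    host = quad_to_int("205.219.84.5")
    print(to_binary_groups(host), "==", int_to_quad(host))
    print("255.255.255.0 is /%d" % prefix_length(quad_to_int("255.255.255.0")))
    print("255.255.0.255 valid?", is_valid_mask(quad_to_int("255.255.0.255")))
```

Running the block prints the slide's binary/decimal pair, reports 255.255.255.0 as a /24, and rejects 255.255.0.255 because its 1 bits are not contiguous.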
Why Do We Have Subnet Masks? • So it’s easy to tell whether an IP address is a member of an IP subnet
How Does A Router Route? • Step 1. For each IP interface, use the subnet mask to mask both the IP address on the interface and the destination IP address for the packet in hand. If they match, then we’re done with routing and can use Layer 2 (usually Ethernet) to deliver the packet.
How Does A Router Route? • Step 2. If this comparison of masked IP addresses fails for every IP interface, then iterate through your routing table to determine the next hop and which interface to use to get there. Then send the packet to this next hop by Ethernet, using ARP if necessary to get the MAC address of the destination NIC.
How Does A Router Route? • This business of determining whether to deliver a packet by Layer 2 or route it to its next hop is known as asking yourself: “Do I Route Or Do I Shout?” • “Route” == “Not in local network, send to next hop” • “Shout” == “Resolve by ARP and send by Layer 2”
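The two routing steps above and the anti-spoof check from the "Firewall-1 Does These Things To A Packet" slide, as one added Python example (not code from the original slides or from Check Point). The interface names, addresses and routing table are constructed for illustration. Two things go slightly beyond the slide text: when several routing-table entries match, the example picks the most specific (longest prefix) one, which is how real routers resolve the table; and the anti-spoof check is modelled as a reverse-path test, accepting a packet only if its source address would itself be reached via the interface the packet arrived on.

```python
# Added example (not from the original slides): "Route or Shout?" on a
# multi-interface gateway, plus an interface-based anti-spoof check.
# Topology and routing table below are constructed, not from the slides.
from dataclasses import dataclass
from typing import Tuple

def quad_to_int(quad: str) -> int:
    """Dotted quad to 32-bit integer (205.219.84.5 -> 0xCDDB5405)."""
    a, b, c, d = (int(x) for x in quad.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def prefix_to_mask(prefix: int) -> int:
    """Prefix length N to a mask of N ones followed by 32-N zeros."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

@dataclass(frozen=True)
class Interface:
    name: str
    address: str   # the interface's own IP address
    mask: str      # dotted-quad subnet mask

    def is_local(self, dst: str) -> bool:
        """Step 1 test: mask our address and the destination, compare."""
        m = quad_to_int(self.mask)
        return quad_to_int(self.address) & m == quad_to_int(dst) & m

@dataclass(frozen=True)
class Route:
    network: str
    prefix: int
    next_hop: str
    interface: str

    def matches(self, dst: str) -> bool:
        m = prefix_to_mask(self.prefix)
        return quad_to_int(self.network) & m == quad_to_int(dst) & m

# Constructed gateway: external, DMZ and internal legs.
INTERFACES = [
    Interface("eth0", "205.219.84.5", "255.255.255.0"),   # external
    Interface("eth1", "192.168.10.1", "255.255.255.0"),   # DMZ
    Interface("eth2", "10.1.0.1", "255.255.0.0"),         # internal
]
ROUTES = [
    Route("10.0.0.0", 8, "10.1.0.254", "eth2"),   # rest of the internal 10/8
    Route("0.0.0.0", 0, "205.219.84.1", "eth0"),  # default route
]

def route_or_shout(dst: str) -> Tuple[str, str, str]:
    """Step 1: a directly attached subnet -> 'shout' (ARP for dst, send by Layer 2).
    Step 2: otherwise the longest-prefix matching route -> 'route' to its next hop.
    Returns (decision, outgoing interface, address to resolve at Layer 2)."""
    for iface in INTERFACES:
        if iface.is_local(dst):
            return ("shout", iface.name, dst)
    candidates = [r for r in ROUTES if r.matches(dst)]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    best = max(candidates, key=lambda r: r.prefix)
    return ("route", best.interface, best.next_hop)

def anti_spoof_ok(arrival_iface: str, src: str) -> bool:
    """Anti-spoof check on the source address only: the packet passes if the
    gateway would reach that source through the very interface it arrived on.
    An internal 10.x source showing up on the external leg fails this test."""
    _, expected_iface, _ = route_or_shout(src)
    return expected_iface == arrival_iface

if __name__ == "__main__":
    for dst in ("205.219.84.200", "10.1.7.7", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", route_or_shout(dst))
    print("10.1.2.3 arriving on eth0 passes anti-spoof?", anti_spoof_ok("eth0", "10.1.2.3"))
```

Note that the default route makes the external interface accept any source address not owned by an inside network; that is expected, since the gateway cannot enumerate the Internet, and it is why the inside interfaces need explicit, complete network definitions for the check to be worth anything.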
6. Address Resolution Protocol (ARP) • Resolves the Forwarding IP Address of a Node to its Corresponding Media Access Control (MAC) Address, typically its Ethernet address • ARP Request Message: • “Any Ethernet host on this segment with the IP address of 205.219.84.5?” • ARP Reply Message: • “That’s me, at 00-03-22-5E-3C-21!”
Address Resolution Protocol (ARP) • The ARP Cache Is A RAM-Based Table Of IP-to-MAC Address Mappings • Cisco IOS: • Timeout is 3 Hours • Windows: • Timeout is 2 Minutes • (Renewable Through Use to 10 Minutes)
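The request/reply exchange on the ARP slide, encoded and decoded at the wire level, together with a cache that models the Windows timeout rule quoted above (2 minutes, renewable through use up to 10 minutes). This is an added Python example, not code from the original slides; the packet layout is the standard IPv4-over-Ethernet ARP format (RFC 826), and every MAC address other than the slide's 00-03-22-5E-3C-21 is constructed.

```python
# Added example (not from the original slides): ARP request/reply on the wire
# and an ARP cache with the slide's Windows-style renewable timeout.
import struct
from typing import Dict, Optional, Tuple

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FORMAT = "!HHBBH6s4s6s4s"           # 28 bytes for Ethernet/IPv4
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))

def bytes_to_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(oper: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Encode a 28-byte ARP packet for IPv4 over Ethernet."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))

def parse_arp(raw: bytes) -> dict:
    """Decode an ARP packet; reject anything that is not IPv4-over-Ethernet ARP."""
    if len(raw) < 28:
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    return {"oper": oper,
            "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}

def arp_request(asker_mac: str, asker_ip: str, wanted_ip: str) -> bytes:
    """'Any Ethernet host on this segment with the IP address of <wanted_ip>?'
    The target MAC in the body is zero; the Ethernet frame around it is broadcast."""
    return build_arp(ARP_REQUEST, asker_mac, asker_ip, "00-00-00-00-00-00", wanted_ip)

def arp_reply(request: bytes, my_mac: str, my_ip: str) -> Optional[bytes]:
    """'That's me, at <my_mac>!' -- sent only when the request names our own IP.
    Returns None for requests aimed at someone else (the normal, silent case)."""
    req = parse_arp(request)
    if req["oper"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])

class ArpCache:
    """RAM table of IP -> MAC learned from replies. Models the Windows rule on
    the slide: an entry lives BASE seconds, each use extends it, but never past
    MAX seconds after the entry was created."""
    BASE, MAX = 120, 600

    def __init__(self) -> None:
        self._table: Dict[str, Tuple[str, float, float]] = {}  # ip -> (mac, created, expiry)

    def learn(self, reply: bytes, now: float) -> None:
        rep = parse_arp(reply)
        if rep["oper"] == ARP_REPLY:
            self._table[rep["sender_ip"]] = (rep["sender_mac"], now, now + self.BASE)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        entry = self._table.get(ip)
        if entry is None:
            return None
        mac, created, expiry = entry
        if now >= expiry:
            del self._table[ip]          # timed out: the next send must ARP again
            return None
        # Renewed through use, but capped at MAX seconds from creation.
        self._table[ip] = (mac, created, min(now + self.BASE, created + self.MAX))
        return mac

if __name__ == "__main__":
    req = arp_request("00-11-22-33-44-55", "205.219.84.1", "205.219.84.5")
    rep = arp_reply(req, "00-03-22-5E-3C-21", "205.219.84.5")
    print(parse_arp(req))
    print(parse_arp(rep))
```

The cache deliberately learns only from replies, and `lookup` takes the clock as a parameter so the timeout behaviour can be exercised without waiting ten real minutes. For the Cisco IOS figure on the slide, set `BASE` and `MAX` both to 3 hours.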
7. Putting It All Together • Example and Demonstration