HIT7720 Secure Networks

Warren Harrop
wharrop@swin.edu.au Swinburne University of Technology

%utline
!d&inistration Sub'ect !

focus

brief history of teleco&&unications networ*ing review

()

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

"

!d&inistration
Warren

Harrop +Ta*ing all classes,

wharrop@swin.edu.au -./#"a -&ail &e to &a*e a consultation ti&e

!

word on e&ail
Use your student account ( wont reply to: superStudent1"$@g&ail.co& (0ll will delete e&ail fro& non1swin accounts Why2
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ $

!d&inistration +",
Sub'ect 1 1

outline +%n 3lac*board,

4 " hr lecture +Wed, 4 " hr practical +Tues or Thurs,

3ring student (6 7 attendance is &ar*ed using space1age

5ou &ust turn up to your scheduled practical session

technology
!lthough ta*en8 attendance does not contribute to grade

96ay

off Tues Wee* 1" : 5our practical now Thurs ;th .ov 1" $:$#p&<
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$

!d&inistration +$,
!dditional

practice of practical sessions

>ab roo&s are open for you to use anyti&e there is no class scheduled +-.$1# or -.$#=, %?@ 5ou could install >inu4 at ho&e +&ore on this in the prac,
%n an old &achine you have spare %n a second H6 in your &ain )A ?unning as a virtual &achine +as in the prac,

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

Sub'ect focus
Understanding We

of topics8 not &e&orisation

will try not to only focus on BHowC Duestions

BHow do you run n&ap on the () address 1E".1/F.1.1 and discover what protocol is running on port ;""$2C
n&ap 1sG 1p ;""$ 1E".1/F.1.1

BWhyC

Duestions are &ore i&portant

BWhy would an attac*er run n&ap against your server2C

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

Sub'ect focus +",

Hodern

teleco&&unications is co&plicated

! networ* engineer0s favourite icon is:

The si&plifying cloud to abstract away co&ple4ity

To

help understanding we will anchor all of this sub'ect to the B() networ* stac*C and the security issues at each layer
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ ;

Sub'ect focus +$,

?eDuire&ents: 1".= Self

hrs +note8 only directed learning

hrs are classes,

I understanding +not &e&orisation,

6evelop The

anlytical s*ills

difficulty of this sub'ect...

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

?eferences
>argely (nternet based reading
?elevant lin*s as we go along

So&e revision lin*s on blac* board

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

6ifficulties of Bnetwor* securityC

Huch crap is said
%ften by people who want to sell you so&ething 3oth under1 and over1e&phasis on how big an issue is

>evels of ris* are a person by person +or co&pany by co&pany, &atter The networ*ing layers are often collapsed
Security BproductsC that do everything We0ll discuss this as we go along
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ 1#

! brief history of teleco&&unications

.ot

too far bac*8 and not too &uch detail...

B(f you wish to &a*e an apple pie fro& scratch8 you &ust first invent the universe.C 1 Aarl Sagan

want to show how &uch of a disruptive and transfor&ative idea ()v was8 and still is it0s evolution8 and put into conte4t its Bgrowing painsC8 of which security is one

Show

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

11

! brief history of teleco&&unications +",

1F$#s -lectric telegraph8 &orse code 1F;" 7 !ustralian overland telegraph

!delaide to 6arwin8 allowed the south and east of !ustralia to co&&unicate with -urope

1E"#s 1 Goice8 Hu&an switched 1E$#s 1 Goice8 Hechanically switched +step1by1 step, 1E/#s 1 Goice8 ?elay switched +cross1bar, 1EF#s 1 Goice8 6igitally circuit switched
J !ll date periods are very appro4i&ate
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ 1"

! brief history of teleco&&unications +$,

1E/E 1E;=

7 !?)!.-T net 91< 1 TA)/() 1 6igital data 1 circuit switched 1 6igital data 1 pac*et routed 1 6igital data 1 circuit switched fades

1EE#s 1EE#s "###s

B6u&b coreC K Bs&art edgeC K Bopen standardsC L BwinC

91< http://rule$ .caia.swin.edu.au/video/Ao&puter.etwor*sMTheHeralds%f?esourceSharingM=1"*b.&p

HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ 1$

! brief history of teleco&&unications + ,

1EFE 7 Nirst (nternet lin* to !ustralia +Satellite, 91< 1EE1 1 HTT) O1EE 1 HTT)S O"##= 1 6.SS-A defined O"#1" 1 1##Hbit eDuip&ent goes in the bin. 1#Pig lin*s are boring8 # and 1## are available. "#22 1 6.SS-A widely i&ple&ented "#22 1 Secure routing
[1] Geoff Huston, "AARNet 20 years later" http://il.cc.s in.e!u.au/ilectures/ilectures.lasso"ut#22$%i!#1&'((
HIT7720 http://swin.edu.au wharrop@swin.edu.au 1 !ug "#1$ 1

! brief history of teleco&&unications +=,

So

the story is still being written...

This sub'ect is about a constantly changing and evolving topic 5our learning should be ongoing

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

1=

() networ*ing review
The

() networ* stac* &ove&ent

)ac*et !?) 6.S

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

1/

The () networ* stac*

%S( ()

&odel 7 ; layers +or is it F2, needs to consider each layer

&odel 7 = layers layer2 Q a *ey Duestion

Security Which What What >ots

layer is an attac* using2 layer+s, does a security tool address2

of interlin*ed aspects to security

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

1;

The () networ* stac* +",

)rotocol Stac* !pplication Transport (nternet 6ata >in* )hysical -4a&ple protocols http/ftp/6.S TA)/U6)/SAT) ()v /()v/ -thernet/S%.-T
A!T= copper/fibre

-4a&ple units of &onitored data >og files Nlows

)er1pac*et statistics Girtual circuit status 3it errors/ loss of synchronisation

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

1F

Honitoring a networ*
How

can we &onitor a networ* at each layer2

6ata Types Transfer )rotocols Garious Sys>og/Garious S.H) netflow8 ()N(R Garious Aollector process+es,

Hetering process+es,

.(6S >og files

.etwor*

H(3 Nlows

%bservation )oint+s, ?aw )ac*ets

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

1E

?evision Duestion

(&agine you are sitting at a lab &achine at Swinburne that has 'ust booted and logged in. 5ou open a web browser and go to the U?> http://www.swin.edu.au/. 3riefly describe what happened to retrieve this web page. (nclude discussion of your host8 the 6.S server8 the inter&ediate switches8 routers and the server. !ssu&e the 6.S server and web server are located on ca&pus. Neel free to speculate on Swinburne0s networ*ing layout8 but assu&e at least one router and a nu&ber of switches between you and the 6.S server and web server. !lthough Swinburne utilises G>!.s8 you can ignore the& for this Duestion.

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

"#

)ractical
Paining

fa&iliarity of:

Uni4 >ab virtualisation syste&

HIT7720

http://swin.edu.au

wharrop@swin.edu.au

1 !ug "#1$

"1