This chapter will focus on using routers and switches to increase the security of the network as well as provide appropriate configuration steps for protecting the devices themselves against attacks. Cisco routers are the dominant platform in use today, so where examples are provided, the Cisco platform will be discussed. This does not mean that Cisco is the only platform available — routers and switches from leading companies such as Juniper Networks (www.juniper.net), Foundry Networks (www.foundrynetworks.com), and Extreme Networks (www.extremenetworks.com) perform similar if not identical functions.
The next chapter will discuss firewalls and their ability to filter TCP/IP traffic — firewalls decide what traffic is permitted to enter and exit a given network. While firewalls can be thought of as the traffic cops of the information superhighway, routers and switches can be thought of as the major interchanges and the on and off ramps of those highways.
Switch and Router Basics
The dominant Internetworking protocol in use today is the Transmission Control Protocol/ Internet Protocol (TCP/IP). TCP/IP provides all the necessary components and mechanisms to transmit data between two computers over a network. TCP/IP is actually a suite of protocols and applications that have discrete functions that map to the Open Systems Interconnection (OSI) model. The OSI model is discussed in greater depth in Chapter 11 — for this chapter, we are primarily concerned with TCP/IP functions at the second and third layers of the OSI model, commonly known as the data-link and network layers respectively.
Each computer on a network actually has two addresses: a layer two address known as the Media Access Control (MAC) address, and a layer three address known as an IP address. MAC addresses are 48-bit numbers, conventionally written in hexadecimal, that are uniquely assigned to each network card by the manufacturer. Each manufacturer has been assigned a range of MAC addresses to use, and each address that has ever been assigned is unique. IP addresses are 32-bit numbers assigned by the network administrator, and they allow for the creation of logical and ordered addressing on a local network. Each IP address must be unique on a given network.
To send traffic, a workstation must have the destination workstation’s IP address as well as a MAC address. Knowing the destination workstation’s hostname, the IP address can be obtained using protocols such as Domain Name Service (DNS) or Windows Internet Naming Service (WINS). To ascertain a MAC address, the computer uses the Address Resolution Protocol (ARP). ARP functions by sending a broadcast message to the network that basically says, “Who has 192.168.2.10, tell 192.168.2.15.” If a host receives that broadcast and knows the answer, it responds with the MAC address: “ARP 192.168.2.10 is at ab:cd:ef:00:01:02.”
For traffic destined to nonlocal segments, the MAC address of the local router is used. MAC addresses are really only relevant for devices that are locally connected, not those that require packets to travel through layer three devices, such as routers. Also note that no authentication or verification is done for any ARP replies that are received. This facilitates an attack known as ARP poisoning, discussed later in this chapter.
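As an added example (not from the book), the ARP exchange above decoded from its wire format and fed to a small monitor that flags the two things the text notes an ARP cache never checks: a reply nobody asked for, and a reply that silently changes a known IP-to-MAC binding. It assumes IPv4 over Ethernet and uses constructed sample packets rather than live capture.

```python
import struct
from collections import namedtuple

# ARP over Ethernet (RFC 826 layout): hardware type, protocol type, hardware
# address length, protocol address length, opcode, then sender/target MAC and IP.
ARP_FMT = "!HHBBH6s4s6s4s"          # 28 bytes
ARP_REQUEST, ARP_REPLY = 1, 2
Arp = namedtuple("Arp", "op sender_mac sender_ip target_mac target_ip")

def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def parse_arp(payload: bytes) -> Arp:
    """Decode a raw ARP payload (the bytes following the Ethernet header)."""
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    return Arp(op, mac_str(smac), ip_str(sip), mac_str(tmac), ip_str(tip))

def build_arp(op, smac, sip, tmac, tip) -> bytes:
    """Builds constructed sample packets for the demo; the inverse of parse_arp."""
    m = lambda s: bytes(int(x, 16) for x in s.split(":"))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, m(smac), i(sip), m(tmac), i(tip))

class ArpMonitor:
    """Passive observer: tracks outstanding requests and the IP->MAC bindings
    seen on the wire, and reports replies a host would otherwise accept blindly."""
    def __init__(self):
        self.cache = {}        # ip -> mac, as last announced in a reply
        self.pending = set()   # (asker_ip, asked_ip) with a request still open

    def observe(self, payload: bytes):
        a = parse_arp(payload)
        alerts = []
        if a.op == ARP_REQUEST:
            self.pending.add((a.sender_ip, a.target_ip))
        elif a.op == ARP_REPLY:
            key = (a.target_ip, a.sender_ip)   # the request this reply answers
            if key not in self.pending:
                alerts.append(f"unsolicited reply: {a.sender_ip} is at {a.sender_mac}")
            self.pending.discard(key)
            old = self.cache.get(a.sender_ip)
            if old and old != a.sender_mac:
                alerts.append(f"binding change: {a.sender_ip} {old} -> {a.sender_mac}")
            self.cache[a.sender_ip] = a.sender_mac
        return alerts
```

On a real network the same logic would be fed from a packet capture on a mirrored switch port; gratuitous ARP from legitimate failover setups will also trip the unsolicited-reply check, so that alert is a prompt to verify the binding, not proof of an attack.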
This is a very simplified review of TCP/IP. For a complete discussion, read TCP/IP Illustrated, volumes 1 and 2, by Richard Stevens.
This chapter is from Network Security: The Complete Reference, by Mark Rhodes-Ousley, Roberta Bragg, and Keith Strassberg (McGraw-Hill/Osborne, 2003, ISBN: 0072226978).