SSL & IP Security



Let's start with the basic concepts before jumping into SSL and IPsec directly.

Network Model Standard
The layered concept of networking was developed to accommodate changes in technology. Each layer of a network model is responsible for a different function of the network, and each layer passes information to the layer directly above or below it as data is processed.


The OSI Network Model Standard:

The OSI network model layers are arranged here from the lowest level, the physical (hardware) layer, to the highest.
  1. Physical Layer - The actual hardware: cabling, connectors and signalling.
  2. Data Link Layer - Data transfer method (IEEE 802.x, e.g. Ethernet). Puts data in frames and detects transmission errors. Also controls the timing of the network transmission. Adds frame type, address, and error control information. IEEE divided this layer into the two following sublayers.
    1. Logical Link Control (LLC) - Maintains the link between two computers by establishing Service Access Points (SAPs), which are a series of interface points. IEEE 802.2.
    2. Media Access Control (MAC) - Coordinates the sending of data between computers on a shared medium. The 802.3, 4, 5, and 12 standards apply to this layer. When someone talks about the MAC address of a network card, they are referring to the hardware address of the card.
  3. Network Layer - IP. Routes packets between networks using the best path available.
  4. Transport Layer - TCP, UDP. TCP provides properly sequenced, reliable delivery with retransmission; UDP is connectionless and best-effort.
  5. Session Layer - Manages the dialogue between two applications. Determines when the session is begun or opened, how long it is used, and when it is closed, and controls the transmission of data during the session.
  6. Presentation Layer - Data syntax such as ASCII or EBCDIC. Makes the type of data transparent to the layers around it. Used to translate data to a computer-specific format such as byte ordering. It may include compression and encryption. It prepares the data either for the network or for the application, depending on the direction it is going.
  7. Application Layer - Provides the services that software applications need. Provides the ability for user applications to interact with the network.
Many protocol stacks overlap the borders of the seven-layer model by operating at multiple layers. File Transfer Protocol (FTP) and Telnet both work at the application, presentation, and session layers.

The Internet, TCP/IP, DOD Model :

This model is sometimes called the DoD model since it was designed for the US Department of Defense. It is also called the four-layer TCP/IP model, or the Internet protocol suite. It has the following layers:
  1. Link - Device driver and interface card, which map to the data link and physical layers of the OSI model.
  2. Network - Corresponds to the network layer of the OSI model and includes the IP, ICMP, and IGMP protocols.
  3. Transport - Corresponds to the transport layer and includes the TCP and UDP protocols.
  4. Application - Corresponds to the OSI session, presentation and application layers and includes FTP, Telnet, Rlogin, rsh, TFTP, SMTP, SNMP, DNS, your own program, etc. (ping is often listed here too, but it is a program that speaks ICMP, a network-layer protocol.)
Note that in the four-layer TCP/IP model each layer has its own set of headers and data that it generates.
  1. The link layer corresponds to the hardware, including the device driver and interface card. The link layer's frames depend on the type of network being used, such as ARCnet, Token Ring or Ethernet. In our case, we will be talking about Ethernet.
  2. The network layer manages the movement of packets around the network and includes IP, ICMP, and IGMP. IP itself is best-effort: it routes packets toward their destinations but does not guarantee they arrive, and ICMP is used to report errors (such as an unreachable host) when they don't.
  3. The transport layer is the mechanism used for two programs on different computers to exchange data. The two transport protocols are TCP and UDP. There are other transport protocols for systems other than TCP/IP, but we will talk about TCP and UDP in this document.
  4. The application layer refers to the networking protocols used to support various services such as FTP, Telnet, BOOTP, etc. To avoid confusion: the application layer generally refers to protocols such as FTP and Telnet, and other programs designed for specific purposes, which are governed by a specific set of rules defined in RFCs (Requests for Comments). However, a program that you write can define its own data structures to send between your client and server programs, so long as the programs running on both machines understand your protocol. For example, when your program opens a TCP socket to another machine it is using TCP as its transport, but the data you send depends entirely on how you structure it.


Data Encapsulation, a critical concept to be understood

Working down from protocols at the upper layers of the network model, each set of data is wrapped inside the next lower layer's protocol, similar to putting a letter inside an envelope. The application creates the data, then the transport layer wraps that data inside its header, then the network layer wraps it in turn, and finally the link (Ethernet) layer encapsulates it and transmits the frame. On the receiving host the process runs in reverse: each layer checks and strips its own header and hands the remainder up.
Each network layer either encapsulates the data stream with additional information, or manages data handling or some part of the connection.


Without going into a great deal of technical detail, here is a general example of how these layers work in real life. Assuming that the protocol stack being used is TCP/IP and the user is going to use an FTP client program to get or send files from/to an FTP server, the following will essentially happen:
  1. The user will start the FTP client program on the sending computer.
  2. The user will select the address and port of the server. (If the user gave a name instead of an address, DNS would also need to be described, complicating this scenario.)
  3. The user will indicate to the FTP client program that they want to connect to the server.
  4. The application layer will send information through the presentation layer to the session layer telling it to open a connection to the other computer at a specific address and port. The presentation layer does not do much at this time; in practice it is handled inside the FTP program itself.
  5. The session layer will negotiate with the FTP server for a connection. Several synchronization signals are sent between the client and server computers just to establish the connection (the TCP three-way handshake). This is a description of the sending of the first of them, the SYN, from the client to the server:
    1. The session layer of the client asks the transport layer to open a connection; the transport layer (TCP) builds the first segment of the handshake with the SYN flag set.
    2. The transport layer adds a header (the TCP header) to the segment indicating what the source port is and what the destination port is. There are also some other flags and information that will not be discussed here, to minimize the complexity of this explanation.
    3. The network layer adds the source IP address and destination IP address, along with other information, in an IP header.
    4. The data link layer determines (using ARP and routing information, which are not discussed here for brevity) the hardware address of the computer or next-hop router the data is being sent to. An additional header (the Ethernet header) is added at this layer which indicates the hardware address to receive the frame, along with other information.
    5. The information is transmitted across the physical wire (hardware layer) until the signal reaches the network card of the server computer. The signal may go through several hubs, repeaters or switches.
    6. The FTP server's network card will normally only accept Ethernet frames whose destination matches its own hardware address (or a broadcast address).
    7. The FTP server will see the Ethernet frame matching its address, strip the Ethernet header information and send the rest to the network layer.
    8. The network layer will examine the IP address information, and if the destination IP address matches its own, strip the IP header and send the information to the transport layer.
    9. The transport layer will look at the TCP port number and, based on the port number and the services being run, strip the TCP header and send the information to the appropriate program which is servicing the requested port.
    10. At this point, the session layer in the FTP program will conduct a series of data exchanges between itself, through all the lower layers, and the client computer until a session is established.
  6. At this point information may be sent through several FTP commands between the client and the server. Every transmission passes down through the network layers from the application layer to the hardware layer and back up the layers on the receiving computer.
  7. When the client decides to terminate, the session layer will be informed by the higher layers and will negotiate the closing of the connection.
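To make the encapsulation and decapsulation steps above concrete, here is an added example (my own code, not part of the original post) that builds the client's FTP SYN as a real Ethernet/IP/TCP byte string and then parses it the way the receiving host does, layer by layer, checking each header before stripping it. The MAC addresses, IPs (RFC 5737 TEST-NET-1) and port numbers are constructed for illustration; it runs offline with only the Python standard library and does not touch a network.

```python
"""Data encapsulation walk-through in code: the client's FTP SYN (and a
later FTP command) is wrapped in TCP, IP and Ethernet headers, then the
receiving host peels each layer off again, checking its own header first.
All addresses below are constructed for illustration (RFC 5737 TEST-NET-1
IPs and locally administered MACs)."""
import socket
import struct

ETH_TYPE_IPV4 = 0x0800
IP_PROTO_TCP = 6
TCP_SYN = 0x02
TCP_PSH = 0x08
TCP_ACK = 0x10

CLIENT_MAC, SERVER_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
CLIENT_IP, SERVER_IP = "192.0.2.10", "192.0.2.21"
FTP_PORT = 21


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by both the IP and TCP headers.
    Verifying a header that already carries its checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_tcp(src_ip, dst_ip, sport, dport, seq, flags, payload=b"") -> bytes:
    """Transport layer: 20-byte TCP header (no options) in front of the
    application data. The checksum also covers a pseudo-header borrowed
    from the IP layer, which is why the IP addresses are passed in."""
    offset_flags = (5 << 12) | flags            # data offset = 5 words, then flag bits
    header = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                         0, IP_PROTO_TCP, len(header) + len(payload))
    csum = internet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_ip(src_ip, dst_ip, proto, segment: bytes) -> bytes:
    """Network layer: 20-byte IPv4 header around the transport segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = internet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_ethernet(dst_mac, src_mac, packet: bytes) -> bytes:
    """Link layer: 14-byte Ethernet II header around the IP packet."""
    return struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETH_TYPE_IPV4) + packet


def ftp_client_frame(flags=TCP_SYN, payload=b"", seq=1000) -> bytes:
    """Top-down encapsulation, as in step 5 of the walk-through."""
    segment = build_tcp(CLIENT_IP, SERVER_IP, 40000, FTP_PORT, seq, flags, payload)
    packet = build_ip(CLIENT_IP, SERVER_IP, IP_PROTO_TCP, segment)
    return build_ethernet(SERVER_MAC, CLIENT_MAC, packet)


def decapsulate(frame: bytes, my_mac: str, my_ip: str) -> dict:
    """Bottom-up on the receiving host: each layer checks its own header,
    strips it and hands the rest upward. Anything that fails a check is
    dropped at that layer, exactly like steps 6 to 9 above."""
    dst_mac, src_mac, eth_type = struct.unpack("!6s6sH", frame[:14])
    if mac_str(dst_mac) != my_mac or eth_type != ETH_TYPE_IPV4:
        return {"dropped": "link: frame not for this NIC or not IPv4"}
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:
        return {"dropped": "network: bad IP header checksum"}
    if socket.inet_ntoa(dst) != my_ip or proto != IP_PROTO_TCP:
        return {"dropped": "network: packet not for this host or not TCP"}
    segment = packet[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(segment))
    if internet_checksum(pseudo + segment) != 0:
        return {"dropped": "transport: bad TCP checksum"}
    sport, dport, seq, _, offset_flags = struct.unpack("!HHIIH", segment[:14])
    data_offset = (offset_flags >> 12) * 4
    return {"src_mac": mac_str(src_mac), "src_ip": socket.inet_ntoa(src),
            "dst_ip": socket.inet_ntoa(dst), "sport": sport, "dport": dport, "seq": seq,
            "flags": offset_flags & 0x01FF, "payload": segment[data_offset:]}


if __name__ == "__main__":
    syn = ftp_client_frame()
    print(len(syn), "byte SYN frame:", syn.hex())
    print(decapsulate(syn, SERVER_MAC, SERVER_IP))
```

Note where each check lives: a frame for another NIC is discarded at the link layer before IP ever sees it, a corrupted IP header is caught by the network layer, and a corrupted TCP segment by the transport layer. That is the layering the walk-through describes, and it is also why the plaintext payload at the top is visible to every intermediate device that handles the frame, which is the problem the encryption section below addresses.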

Symmetric and Asymmetric encryption:
Before getting to our actual topic, one more essential concept to understand is key-based encryption.

How does a packet travel across the network and reach its destination without being read or tampered with by others on the same network?
The answer is simple: by encrypting the packet so that it can only be read with a particular key, which is kept secret between the end hosts. The encrypted packet is called "ciphertext", and this field is known as "cryptography".

There are many cryptographic algorithms, which can be classified into
1. Symmetric
2. Asymmetric

1. Symmetric
In a symmetric cipher, both parties must use the same key for encryption and decryption. This means that the key must be shared between the two parties before any messages can be decrypted. Symmetric systems are also known as shared-secret systems or secret-key systems.
Symmetric ciphers are significantly faster than asymmetric ciphers, but the requirement to exchange the key securely beforehand makes them difficult to use on their own.

                                          Figure 1. Symmetric Key exchange

But how will this key be exchanged between the two hosts?
If the key is disclosed to any third party, all the communication between the two hosts can be read by that third party. To overcome this, asymmetric encryption is used.

2. Asymmetric
In an asymmetric cipher, the encryption key and the decryption key are separate. Each participant has two keys. One key, the public key, is shared publicly. The second key, the private key, should never be shared with anyone.
When you send a message using asymmetric cryptography, you encrypt the message using the recipient's public key. The recipient then decrypts the message using his private key. That is why the system is called asymmetric.
Figure 2. Asymmetric Key exchange. 

Because asymmetric ciphers tend to be significantly more computationally intensive, they are usually used in combination with symmetric ciphers to implement effective public key cryptography. The asymmetric algorithm is used only to agree on or wrap a short random session key; the session key itself is then used with a symmetric cipher to encrypt the actual message. This gives the key-exchange benefits of asymmetric ciphers with the speed of symmetric ciphers, and it is the hybrid scheme that SSL/TLS and IPsec use.
DES and AES are symmetric ciphers (DES is obsolete and should not be used; AES is the modern choice). RSA is an asymmetric cipher, and Diffie-Hellman is an asymmetric key-agreement algorithm: it lets two parties derive a shared session key over a public channel without ever transmitting the key itself.
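The following added example (my own code, not from the original post) runs the whole hybrid flow described in the symmetric and asymmetric sections above: a Diffie-Hellman agreement produces a session key that never crosses the wire, a key-derivation step turns it into separate encryption and MAC keys, and a symmetric encrypt-then-MAC construction protects the message. So that it runs on the Python standard library alone, two pieces are deliberately toy substitutes and are labelled as such: the DH group uses the small prime 2**127 - 1 instead of a 2048-bit RFC 3526 group, and the symmetric cipher is an HMAC-SHA256 counter-mode keystream standing in for AES. The message and labels are constructed; for real traffic use a vetted library such as `cryptography`.

```python
"""Hybrid encryption end to end: Diffie-Hellman (asymmetric) agrees on a
session key that is never sent over the wire, then a symmetric
encrypt-then-MAC construction protects the bulk data. Both the DH group
and the keystream cipher are TOY substitutes chosen so this runs on the
Python standard library alone; real code uses a vetted library."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example. 2**127 - 1 is
# prime, but a 127-bit group is trivially breakable; real systems use the
# 2048-bit+ MODP groups of RFC 3526 or an elliptic curve such as X25519.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Asymmetric half: a random private exponent x and its public value g^x mod p."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def dh_shared_secret(my_private: int, their_public: int) -> int:
    """(g^y)^x == (g^x)^y mod p, so both sides land on the same number."""
    return pow(their_public, my_private, P)


def derive_keys(shared_secret: int):
    """Stretch the raw DH number into independent encryption and MAC keys
    (simplified HKDF: extract with a salt, then expand with labels)."""
    prk = hmac.new(b"toy-salt", shared_secret.to_bytes(16, "big"), hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"encryption\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"authentication\x01", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy stand-in for AES-CTR)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def symmetric_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Symmetric half, encrypt-then-MAC. Output layout: nonce(12) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(12)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def symmetric_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time BEFORE touching the ciphertext."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was modified or wrong key")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def hybrid_exchange(message: bytes) -> dict:
    """One complete run: client and server agree on keys, the client sends an
    encrypted message, the server decrypts it. Also returns everything a
    passive eavesdropper on the wire would have seen."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    wire = {"client_public": c_pub, "server_public": s_pub}   # the only asymmetric traffic
    client_keys = derive_keys(dh_shared_secret(c_priv, s_pub))
    server_keys = derive_keys(dh_shared_secret(s_priv, c_pub))
    wire["ciphertext"] = symmetric_encrypt(*client_keys, message)
    recovered = symmetric_decrypt(*server_keys, wire["ciphertext"])
    return {"client_keys": client_keys, "server_keys": server_keys,
            "recovered": recovered, "wire": wire}


if __name__ == "__main__":
    result = hybrid_exchange(b"USER anonymous\r\n")
    print("keys match:", result["client_keys"] == result["server_keys"])
    print("server read:", result["recovered"])
```

Two things worth noticing. First, the expensive asymmetric math is done once, on two small numbers; everything after that is fast hashing, which is the speed argument above. Second, the exchange as written is unauthenticated: an attacker sitting in the middle could run a separate DH with each side and relay. Fixing that, by having the server prove its identity with a certificate and signature, is exactly the job of the SSL/TLS handshake that this post builds up to.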

Collection of Network basics

1. Understanding LAN Switches:




