Syngress - How to Cheat at Securing Windows 2000 Server TCP-IP Connections.pdf

(840 KB) Pobierz
How to Cheat at Securing Windows 2000 TCP/IP
How to Cheat at Securing Windows 2000 TCP/IP
How to Cheat at Securing Windows 2000
TCP/IP
Copyright 2003 by Syngress Publishing,
all rights reserved
How to Cheat at Being a Windows 2000 System Administrator __ Error! Bookmark not
defined.
Copyright 2003 by Syngress Publishing, All rights reserved
1
How to Cheat at Securing Windows 2000 TCP/IP
Copyright 2003 by Syngress Publishing, All rights reserved
2
How to Cheat at Securing Windows 2000 TCP/IP
Copyright 2003 by Syngress Publishing, All rights reserved
3
How to Cheat at Securing Windows 2000 TCP/IP
Copyright 2003 by Syngress Publishing, All rights reserved
4
How to Cheat at Securing Windows 2000 TCP/IP
TOPIC 1: A TCP/IP Primer
TCP/IP is a network protocol based on a 32-bit addressing scheme that enables networks to be
interconnected with routers. The bits in each address are separated into four sets of 8 bits, called
octets, which are separated by periods. With the binary number system, 8 bits can be used to
signify any number from 0 to 255, so the lowest theoretical IP address is 0.0.0.0, while the
highest is 255.255.255.255. Each device, or host, on the network must have a unique IP address
to communicate on the network. In order to communicate on the Internet, IP addresses must be
registered with the organizations that manage the Internet so that routing can be configured
correctly. Two specific network addresses and a range of network addresses are reserved for
private use and are not routed on the Internet. These two network addresses— 10.0.0.0,
192.168.0.0, 172.16.0.0–172.32.255.255—are used on networks that are not connected to the
Internet or connected by using network address translation (NAT) or proxy hosts. NAT and proxy
hosts have two IP addresses, one on the private network and one registered on the Internet, and
handle all communications between the private network and the Internet.
IP Address Classes and Subnets
As you can see in the following table, IP addresses are divided into classes, or blocks of
addresses, for administrative purposes. Each class is also assigned a default subnet mask. The
class structure is simply a way to manage address space. For example, the United States
government might have one or two Class A address spaces instead of thousands of Class C
addresses.
IP Addresses Are Divided into Three Usable Classes
Class Range
Default Mask
Addresses per
Network
A
0.0.0.0–126.255.255.255
255.0.0.0
16 million +
B
128.0.0.0–191.255.255.255 255.255.0.0
64,000 +
C
192.0.0.0–223.255.255.255 255.255.255.0
254
D
224.0.0.0–239.255.255.255 Reserved for multicast addressing
E
240.0.0.0–254.255.255.255 Reserved for experimental use
The subnet mask determines which bits in the IP address are the network address, and
which bits are the host address. If we assumed that the default subnet mask was 255.0.0.0 for a
Class A address, then from the above table it would imply that the first 8 bits (which equals 255)
are the network portion of the address, and the three remaining octets are available for host
addresses. It is not realistically possible to have 16 million hosts on a single network, or even
64,000, without segmenting the network with routers. Accordingly, networks with Class A and B
addresses do not typically use the default mask; often, their subnet masks end up similar to those
of Class C networks. When a mask other than the default is used, subnets are created that enable
the address space to be split up into several smaller networks and route traffic between them. A
Class B network address could be split into 255 networks by using a 255.255.255.0 subnet mask.
The actual number of usable networks, however, is a bit less than 255, due to network and
broadcast addresses.
Subnets and Routing
Routers are devices that connect networks together and relay traffic between networks according
to routing tables that are configured in their memory. IP networks that are not on the same logical
network must have a router to connect them in order for their hosts to communicate. TCP/IP
Copyright 2003 by Syngress Publishing, All rights reserved
5
30586597.001.png

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin