PND Parziali (firewall), Network Security lecture notes

Partial PND notes up to firewalls

Type: Notes

2025/2026

Uploaded on 03/05/2026

alessandro-dori



01 - The Internet


🚨 The Internet is an interconnected network of networks. This is a recursive definition: multiple independent networks (companies, organizations, ISPs) are interconnected to form a global communication infrastructure.

In order for the Internet to operate efficiently, a hierarchical organization is required. Hierarchy enables a clear separation of responsibilities and scalable delegation of tasks. The Internet functions because many autonomous systems, devices and subnetworks cooperate, distributing workload across multiple layers. This hierarchical structure is essential to ensure scalability: without hierarchy, routing tables and network management would become unmanageable as the number of connected networks grows.

We can distinguish several components:
- Internet backbone: high-capacity core infrastructure interconnecting major ISP backbones
- ISP backbone: infrastructure connecting organizational networks and providing access to the global Internet
- Organization backbone: connects multiple LANs within an organization
- LAN: connects end systems

A backbone is a high-capacity infrastructure composed of long-distance links, designed to interconnect geographically distributed networks. Backbones move packets: they behave like a "highway" that carries a lot of traffic at once. Backbone networks are optimized for high throughput and reliability, and typically avoid performing complex processing on packets, focusing instead on fast forwarding.

The end systems (or hosts) are devices capable of generating, processing and receiving data packets. End systems run network applications and rely on the underlying network infrastructure to deliver data across multiple intermediate nodes.

Not all networks are connected to the global Internet. Some operate as private networks, meaning they are isolated. Sensitive organizations may maintain internal infrastructure that is not externally reachable.

Communication over the Internet is governed by standards and protocols.

March 20, 2026 2:54 PM

🚨 A standard is an agreed set of rules and technical specifications that ensures interoperability and compatibility between different implementations.

The Infrastructure

Access networks represent the last-mile connectivity, which is often the bottleneck in terms of bandwidth and latency. At the edge of the network, we find different types of access network such as Home Networks, Mobile Networks and Ethernet-based LANs. A Local Area Network (LAN) consists of devices belonging to the same administrative domain. Devices within a LAN can communicate directly without traversing the global Internet.

ISPs

These access networks pay a subscription to connect to an Internet Service Provider (ISP) that provides:
- packet forwarding toward external networks
- reception of packets
- connectivity to higher-tier networks

ISPs in turn pay a subscription to other providers with a better place in the hierarchy, and so on. Each ISP maintains its own internal infrastructure, called the ISP backbone, which interconnects its points of presence and customer access networks.

ISPs interconnect using two main models:
- Transit: a customer ISP pays another ISP to carry its traffic to the rest of the Internet
- Peering: two ISPs exchange traffic directly without payment (typically when traffic exchange is mutually beneficial)

This creates a multi-tier hierarchy (depending on size and dependence), where lower-tier ISPs depend on higher-tier ISPs for connectivity to the global Internet:
- Tier-3 ISPs - Access ISPs: provide connectivity directly to end users (home users, small businesses). They rely on higher-tier ISPs for global Internet access.
- Tier-2 ISPs - Regional or National ISPs
- Tier-1 ISPs - Global ISPs: they can reach every network on the Internet without purchasing transit from other ISPs. They interconnect with each other through peering agreements. They form the Internet backbone.

This layered design improves scalability, fault isolation, and network management, as each layer has a specific role.

Routers and Routing

A router is a network device that connects multiple networks and forwards packets between them, selecting the next hop based on the destination IP address. It operates at the network layer and uses routing tables and routing protocols to determine the best path for packet delivery across interconnected networks.

The Internet is a dynamic system: the routing plane must continuously adapt to changes in topology and reachability whenever a problem occurs. Routers exchange control information and update their internal view of the network so that packets can be forwarded from a source to a destination. This adaptability is enabled by two key elements:
- Routing tables: local data structures used to decide the next hop for each destination
- Routing protocols: distributed algorithms used to compute, maintain and update routing information

When forwarding a packet, routers apply the Longest Prefix Match rule: among all routing entries that match the destination IP address, the router selects the one with the most specific prefix.

Routing decisions are typically local: each router does not have a complete global view of the Internet. Instead, it relies on information learned from neighbors via routing protocols, resulting in a partial and policy-constrained view of the reachable networks. Routing metrics and policies influence path selection, and their parameters are often configured by the network administrator or derived from inter-domain routing policies.
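A worked Longest Prefix Match lookup over a small constructed routing table, added here as an example and not part of the original notes. The prefixes, next hops and interface names are invented for illustration; the code tests every entry with (dest & mask) == (network & mask) and keeps the longest matching prefix, so 10.1.2.3 is covered by the /8, /16, /24 and default entries but leaves through the /24's interface.

```python
import socket
import struct


def ipv4_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def prefix_mask(prefix_len: int) -> int:
    """Network mask for /prefix_len as a 32-bit integer (e.g. /24 -> 0xffffff00)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be in 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def parse_prefix(prefix: str):
    """'10.1.0.0/16' -> (network address as int, prefix length)."""
    net, plen = prefix.split("/")
    plen = int(plen)
    return ipv4_to_int(net) & prefix_mask(plen), plen


# Constructed routing table for the example: (prefix, next hop, outgoing interface).
# A next hop of None means the prefix is directly connected on that interface.
ROUTING_TABLE = [
    ("0.0.0.0/0",   "203.0.113.1", "eth0"),   # default route: matches every address
    ("10.0.0.0/8",  "10.0.0.254",  "eth1"),
    ("10.1.0.0/16", "10.1.0.254",  "eth1"),
    ("10.1.2.0/24", None,          "eth2"),   # directly connected subnet
]


def matching_entries(dest: str, table):
    """All entries whose prefix covers dest: (dest & mask) == (network & mask)."""
    d = ipv4_to_int(dest)
    hits = []
    for prefix, next_hop, iface in table:
        network, plen = parse_prefix(prefix)
        if d & prefix_mask(plen) == network:
            hits.append((prefix, next_hop, iface))
    return hits


def longest_prefix_match(dest: str, table):
    """Most specific matching entry, or None when nothing (not even a default) matches."""
    hits = matching_entries(dest, table)
    if not hits:
        return None
    # The entry with the longest prefix is the most specific one.
    return max(hits, key=lambda entry: parse_prefix(entry[0])[1])


if __name__ == "__main__":
    for dest in ("10.1.2.3", "10.1.9.9", "10.7.0.1", "192.0.2.1"):
        print(dest, "matches", [e[0] for e in matching_entries(dest, ROUTING_TABLE)],
              "->", longest_prefix_match(dest, ROUTING_TABLE))
```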

Edge Routers (Gateways)

What makes a router an edge router is not a different internal mechanism, but its position and role in the network topology. Gateways (or edge routers) are network devices positioned at the boundary of a network, connecting an internal network (such as a LAN or organizational network) to external networks like an ISP or the Internet. They act as the entry and exit point for all external communication, forwarding packets between different administrative domains. In addition to packet forwarding, gateways often enforce network policies, such as traffic filtering, access control, and Network Address Translation (NAT). Due to their position, they are critical points for monitoring, controlling, and securing network traffic between internal and external environments.

02 - Protocols

A protocol is a set of formally specified rules that define how entities in a network communicate in order to provide a service, ensuring interoperability between heterogeneous systems. Protocols define both the structure of exchanged messages and the behavior of the communicating parties.

A protocol is typically characterized by:
- Procedure rules: the type and sequence of exchanged messages
- Message format: the structure, size, encoding, and fields of messages or packets
- Timing rules: constraints on when messages are sent, retransmitted or considered lost → the time to wait between any event. Timing aspects may also involve medium access control and flow control mechanisms, which regulate how much data can be transmitted based on network conditions.

Modularization is a fundamental design principle of network architecture. Instead of implementing all functionality within a single protocol, responsibilities are divided across multiple layers and protocols. Each layer provides services to the layer above while relying on the services of the layer below, creating a service abstraction that hides implementation details.

Encapsulation

Encapsulation is the mechanism that enables communication between layers in a network architecture. As data moves down the protocol stack, each layer adds its own header (and in some cases a trailer) to the data received from the layer above, creating a structured unit called a protocol data unit (PDU). Each header contains control information relevant to that layer, such as addressing, error detection, or transport parameters. At the receiving end, the process is reversed through decapsulation, where each layer removes and interprets its corresponding header. This mechanism allows each layer to operate independently while still cooperating to deliver data end-to-end.

March 20, 2026 5:26 PM

Routers don't have knowledge of the entire future path of a packet; they only determine the next hop. This decentralized decision process increases robustness and scalability. The network provides a best-effort delivery model, meaning that it does not guarantee delivery, order, or duplication avoidance. Reliability and control features belong only to higher layers. This architecture enables efficient resource sharing, dynamic adaptation to failures and scalable traffic management through flow and congestion control mechanisms.

03 - Ethernet Networks (IEEE 802.3)

Ethernet is a widely used link-layer technology for local area networks (LANs), designed to enable communication between devices within the same network segment. It defines both the frame format and the media access control (MAC) mechanisms used to transmit data over a shared or switched medium. Ethernet provides high-speed, low-latency communication within a single administrative domain and serves as the foundation for most wired LAN infrastructures.

ETHERNET FRAMES

Inside a LAN, hosts can communicate directly at Layer 2 using Ethernet packets, also called frames. Frames have a fixed header format, while the payload size may vary depending on the technology.
- Preamble (7 bytes): sequence of alternating bits used to synchronize sender and receiver clocks before transmission.
- Start Frame Delimiter, SFD (1 byte): marks the end of the preamble and indicates the start of the actual frame.
- Destination Address, DA (6 bytes): MAC address of the intended recipient of the frame.
- Source Address, SA (6 bytes): MAC address of the sender of the frame.
- Length (2 bytes): indicates the size of the payload (Data field) in bytes.
- Data (46 to 1500 bytes): contains the encapsulated higher-layer data (e.g., IP packet). Padding is added if needed to reach the minimum size.
- Frame Check Sequence, FCS (4 bytes): error-detection field using CRC, used to verify frame integrity.

Each host connected to an Ethernet network has a NIC (Network Interface Card) with a unique MAC address. Each device in an Ethernet network is identified by a unique MAC address, which is used for local delivery of frames. If a host has multiple network interfaces, it has multiple MAC addresses. When a frame is transmitted, every device in the same broadcast domain can physically receive it, but only the host whose MAC address matches the destination field processes the frame; all others discard it.

March 20, 2026 5:43 PM
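An added example (not from the original notes) that builds and parses the frame layout listed above: the Length field counts the real payload before padding, the FCS is a CRC-32 over the DA..Data fields only, and a router-style re-framing step keeps the encapsulated packet and swaps just the two MAC addresses. MAC addresses and the payload bytes are constructed placeholders, and the 2-byte field is treated as a Length as in the notes.

```python
import struct
import zlib

PREAMBLE = b"\xaa" * 7      # 7 bytes of 10101010 for clock synchronization
SFD = b"\xab"               # start frame delimiter, 10101011
MIN_PAYLOAD = 46            # shorter payloads are padded to reach the 64-byte minimum frame
MAX_PAYLOAD = 1500
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac: str, src_mac: str, payload: bytes) -> bytes:
    """Preamble | SFD | DA | SA | Length | Data (+padding) | FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    # Length counts the real payload only; padding is not part of it.
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", len(payload))
    data = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    # FCS is a CRC-32 over DA..Data; preamble and SFD are not covered.
    fcs = struct.pack("!I", zlib.crc32(header + data) & 0xFFFFFFFF)
    return PREAMBLE + SFD + header + data + fcs


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and verify the FCS."""
    if len(frame) < len(PREAMBLE) + len(SFD) + 64:
        raise ValueError("runt frame")
    if frame[:8] != PREAMBLE + SFD:
        raise ValueError("missing preamble/SFD")
    body, fcs = frame[8:-4], frame[-4:]
    length = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": bytes_to_mac(body[:6]),
        "src": bytes_to_mac(body[6:12]),
        "length": length,
        "payload": body[14:14 + length],    # drop padding using the Length field
        "fcs_ok": struct.unpack("!I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF),
    }


def should_process(frame: bytes, my_mac: str) -> bool:
    """A NIC keeps a frame only if DA is its own address or the broadcast address."""
    dst = parse_frame(frame)["dst"]
    return dst == my_mac.lower() or dst == BROADCAST


def reframe_for_next_hop(frame: bytes, router_out_mac: str, next_hop_mac: str) -> bytes:
    """What a router does per hop: drop the old frame, keep the packet, build a new frame."""
    parsed = parse_frame(frame)
    if not parsed["fcs_ok"]:
        raise ValueError("corrupted frame, discard")
    return build_frame(next_hop_mac, router_out_mac, parsed["payload"])


if __name__ == "__main__":
    frame = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", b"constructed IPv4 packet")
    print(len(frame), "bytes on the wire;", parse_frame(frame))
```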

large network. For this reason, large networks are divided into smaller broadcast domains, limiting the propagation of broadcast traffic and improving overall performance. Another key limitation is that Ethernet operates at the link layer, relying on MAC addresses and lacking the ability to scale globally. To support large-scale communication, networks require a logical (layered) organization, where different layers handle different responsibilities. In this architecture:
- Ethernet operates at the access layer, providing local connectivity
- Higher layers (distribution/core) rely on IP-based communication

Hosts within a local network use a default gateway (edge router) to communicate with external networks, enabling access beyond the local broadcast domain.

🧱 Distribution and Core Layers

To interconnect multiple local networks, the Internet relies on higher-level layers:
- The distribution layer connects multiple LANs and operates at the level of Autonomous Systems (AS), such as enterprise networks or ISPs
- The core layer provides large-scale interconnection across regions or continents, forming the backbone of the Internet

These layers rely on logical addressing (IP) rather than MAC addresses, enabling scalable communication across heterogeneous networks. Communication between networks is performed by routers, which forward packets across different domains using routing protocols.

🔀 Routers and Switches

Switches and routers operate at different layers and serve different purposes:

Switches (Layer 2):
- Operate within a local network
- Use MAC addresses
- Segment the network into multiple collision domains
- Forward frames within the same LAN

Routers (Layer 3):
- Interconnect different networks
- Use IP addresses
- Act as default gateways for hosts
- Enable communication beyond the local network

In particular, routers provide access to the Internet by forwarding traffic from local networks to external networks and vice versa.

04 - MAC and IP addresses

IP addresses provide a logical addressing scheme used to identify devices across different networks and enable routing at the network layer. There are two main versions:
- IPv4: 32-bit address divided into 4 octets (8 bits each)
- IPv6: 128-bit address, designed to overcome IPv4 limitations

For readability:
- IPv4 is written in dotted decimal notation (e.g., 69.58.201.25)
- IPv6 uses colon-separated hexadecimal notation

🧱 Network and Host Structure

An IP address is logically divided into two parts:
- Network portion → identifies the network
- Host portion → identifies a specific device within that network

The boundary between these two parts is defined by the subnet mask (or prefix length in CIDR notation). This separation enables hierarchical addressing and scalable routing across networks.

🔢 Dotted Decimal Representation (brief)

In IPv4, each octet (8 bits) represents a value between 0 and 255. The dotted decimal notation is simply a human-readable representation of the underlying binary address. Example: 192.168.1.5 corresponds to a 32-bit binary number divided into four 8-bit groups. (No need to go further, it is only a representation ✔)

🌐 Network vs Host (intuitive view)

Within a network:
- All devices share the same network prefix
- Each device has a unique host identifier

Routers use the network portion to forward packets between networks, while the host portion is used for delivery within the destination network.

📡 Types of IP Addressing

There are three main communication models:
- Unicast (one-to-one) → communication between a single sender and a single receiver
- Broadcast (one-to-all) → packet is delivered to all hosts within a network (only in IPv4)
- Multicast (one-to-many) → packet is delivered to a specific group of hosts

🧱 Classful Addressing (legacy)

Originally, IPv4 addresses were divided into fixed classes:
- Class A (/8) → large networks
- Class B (/16) → medium networks
- Class C (/24) → small networks
- Class D → multicast
- Class E → reserved

This approach had poor flexibility, leading to inefficient address allocation.

🔀 Classless Addressing (CIDR)

To overcome classful limitations, modern networks use CIDR (Classless Inter-Domain Routing). CIDR allows flexible allocation by specifying a prefix length:
- Format: IP_address / prefix_length
- Example: 10.10.10.0/

05 - Network Traffic Monitoring

At its core, network communication consists of the movement of packets, which are structured sequences of bits transmitted between hosts. For devices to correctly interpret transmitted data, communication must follow a shared set of rules defined by a protocol. Protocols specify formatting, semantics, timing and behavior. Modern network architectures are designed to be both reliable and flexible. Technologies and implementations may change over time, but the overall communication model must remain consistent. This requirement is addressed through the concept of layering.

🧱 Layering Concepts

Network communication is organized into layers, where each layer is responsible for a specific set of tasks. Each layer:
- provides services to the layer above
- uses services from the layer below

Communication at each layer is governed by a protocol, which defines how messages are exchanged. This structure enables modularity and abstraction, allowing each layer to evolve independently without affecting the others.

🔄 Encapsulation and Decapsulation

When a host sends data, the message is processed step by step by multiple layers. At each layer, additional control information may be added, modifying the structure of the data unit. Conversely, when data is received, each layer removes its corresponding control information.

March 20, 2026 7:52 PM

This structure enables modularity and abstraction, allowing each layer to evolve independently without affecting the others. Data is transferred from the application layer of the sender to the application layer of the receiver through the network stack: data must traverse the protocol stack before being transmitted over the network.

At the sender:
- each layer adds its own header (encapsulation)
- data moves down the stack

At the receiver:
- each layer removes its header (decapsulation)
- data moves up the stack

At the bottom of the stack, the Physical Layer converts digital information into measurable physical signals. At the receiving end, these physical signals are converted back to digital form. Each layer processes only the relevant protocol information and passes the rest upward. If the final destination is not directly reachable, packets traverse multiple intermediate devices such as switches and routers. At each router the incoming Ethernet frame is removed, the IP packet is inspected, and a new frame is created for the next hop with:
- a new source MAC address
- a new destination MAC address

🧱 Two Layered Architectures

There are two main reference models:
- OSI model (ISO) → 7 layers (conceptual reference model)
- TCP/IP model → 4 layers (practical implementation used in the Internet)

06 - Client-Server Communication


Client-Server Communication

In a client–server architecture, a host (client) communicates with a remote server through the network stack. The final goal of the communication is that the Application layer of the source host communicates logically with the Application layer of the destination host. There is therefore a 1-to-1 logical mapping between stack layers of source and destination.

1. The client generates data

The Application Layer:
- Specifies the destination host
- Specifies the destination port
- Passes the data to the Transport Layer

The Transport Layer:
- Adds the transport header
- Identifies the destination process via port number
- Encapsulates the data into a transport segment and passes it to the Network Layer for packet encapsulation

The Network Layer:
- Adds the source and destination IP addresses
- Consults the routing table
- Determines whether the destination is local or remote by comparing the destination IP address with the subnet mask of the outgoing interface

More precisely, the Network Layer computes the network prefix of both addresses:
(IP_dest & Mask)
(IP_host & Mask)

- If the two results are equal → the destination belongs to the same subnet (local delivery). The packet is sent directly to the destination host, and the Data Link layer resolves the destination MAC address (e.g., via ARP).
- Otherwise → the destination is remote. The packet is forwarded to the next hop, typically the default gateway, selected from the routing table.

The Transport segment is encapsulated into an IP packet and is passed to the Data Link Layer.

The Data Link Layer:
- Receives the outgoing interface and next-hop information from the Network layer
- Adds the source and destination MAC addresses
- Resolves the destination MAC address if not known (e.g., via ARP)

More precisely:
- Source MAC: MAC address of the outgoing interface
- Destination MAC: MAC address of the next hop (destination host if local, or gateway if remote)
- If the destination MAC address is already present in the ARP cache → it is used directly
- Otherwise → an ARP request is sent to resolve the MAC address

The Physical Layer:
- Receives the frame from the Data Link Layer
- Converts the frame into a sequence of bits
- Transmits the bits over the physical medium

March 20, 2026 8:52 PM
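The send-side decision of the Network and Data Link steps above, as an added example that is not taken from the original notes: the (IP_dest & Mask) == (IP_host & Mask) comparison picks the next hop (destination itself or default gateway), and the ARP cache decides whether the destination MAC is available or an ARP request must go out first. The host configuration and ARP cache are constructed dictionaries; the function names are my own.

```python
import socket
import struct


def ipv4_to_int(addr: str) -> int:
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def same_subnet(host_ip: str, mask: str, dest_ip: str) -> bool:
    """(IP_dest & Mask) == (IP_host & Mask): equal prefixes mean local delivery."""
    m = ipv4_to_int(mask)
    return ipv4_to_int(dest_ip) & m == ipv4_to_int(host_ip) & m


def choose_next_hop(host_ip: str, mask: str, gateway: str, dest_ip: str) -> str:
    """Local destinations are reached directly; remote ones go through the default gateway."""
    return dest_ip if same_subnet(host_ip, mask, dest_ip) else gateway


# Constructed host configuration and ARP cache for the example.
HOST = {
    "ip": "192.168.1.10",
    "mask": "255.255.255.0",
    "gateway": "192.168.1.1",
    "mac": "02:00:00:00:00:10",   # MAC of the outgoing interface
}
ARP_CACHE = {
    "192.168.1.1": "02:00:00:00:00:01",    # default gateway
    "192.168.1.20": "02:00:00:00:00:20",   # a neighbour on the same LAN
}


def link_layer_decision(host: dict, arp_cache: dict, dest_ip: str) -> dict:
    """Network-layer next-hop choice followed by the Data Link address decision."""
    next_hop = choose_next_hop(host["ip"], host["mask"], host["gateway"], dest_ip)
    decision = {
        "next_hop": next_hop,
        "local": next_hop == dest_ip,
        "src_mac": host["mac"],               # always the outgoing interface
        "dst_mac": arp_cache.get(next_hop),   # MAC of the next hop, never of a remote destination
        "arp_request_for": None,
    }
    if decision["dst_mac"] is None:
        # Cache miss: the frame cannot be built until an ARP reply for the next hop arrives.
        decision["arp_request_for"] = next_hop
    return decision


if __name__ == "__main__":
    for dest in ("192.168.1.20", "203.0.113.7", "192.168.1.30"):
        print(dest, "->", link_layer_decision(HOST, ARP_CACHE, dest))
```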

2. The packet reaches a router

The Physical Layer:
- Receives the signal from the medium
- Reconstructs the bitstream
- Passes the data to the Data Link Layer

The Data Link Layer:
- Reconstructs the frame
- Checks whether the destination MAC address matches one of the router's interfaces
- Removes the frame header (decapsulation)
- Passes the encapsulated IP packet to the Network Layer