book

Introduction to Computer Networks and Cybersecurity

by Chwan-Hwa (John) Wu, J. David Irwin

April 2016

Beginner

1336 pages

51h 36m

English

CRC Press

Read now

Unlock full access

I.1 IntroductionI.2 The Internet ArchitectureI.2.1 A Hierarchical StructureI.2.2 Internet Standards and the Internet Corporation for Assigned Names and Numbers (ICANN)I.3 Access NetworksI.3.1 Digital Subscriber Lines (DSL)I.3.2 Hybrid Fiber Coax (HFC)I.3.3 Fiber in the Loop (FITL)I.3.4 Broadband over Power Lines (BPL) and HomePlugI.3.5 A Typical Home NetworkI.3.6 Local Area Networks (LAN)I.3.7 Wireless Access NetworksI.3.8 The Transmission MediaI.4 The Network CoreI.4.1 Internet eXchange Points (IXPs)I.4.2 Tier-1 Internet Service Providers (ISPs)I.4.3 The Internet2 NetworkI.5 Circuit Switching vs. Packet SwitchingI.5.1 Circuit SwitchingI.5.2 A Comparison of Circuit Switching with Packet Switching Using Statistical MultiplexingI.6 Packet Switching Delays and CongestionI.6.1 Packet Switching DelaysI.6.2 Packet Loss and DelayI.6.3 Congestion and Flow ControlI.7 The Protocol StackI.7.1 The US DoD Protocol StackI.7.2 The OSI Protocol StackI.7.3 Packet Headers and TermsI.7.4 The Layer 2 (L2) to Layer 5 (L5) OperationsI.7.5 A User’s Perception of ProtocolsI.7.6 A Comparison of the Connection-Oriented and Connectionless ApproachesI.8 Providing the Benefits of Circuit Switching to Packet SwitchingI.9 CybersecurityI.9.1 Attacks and MalwareI.9.1.1 The Zero-Day Attack and Mutation in DeliveryI.9.1.2 Crimeware Toolkits and TrojansI.9.1.3 Sophisticated MalwareI.9.2 Defensive Measures for CybersecurityI.9.2.1 The Firewall, the Intrusion Detection System (IDS) and the Intrusion Prevention System (IPS)I.9.2.2 Virtual Private Networks (VPN) and Access ControlI.9.2.3 Integrated Defense for an Enterprise NetworkI.10 History of the InternetI.10.1 The Development of the InternetI.10.2 The Global Information Grid (GIG) of the US Department of Defense (DoD)I.11 Concluding RemarksReferencesProblems
1.1 Overview1.2 Client/Server and Peer-to-Peer Architectures1.3 Inter-process Communication through the Internet1.4 Sockets1.5 Transport Layer Services1.6 The Hypertext Transfer Protocol (http)1.6.1 An Overview of HTTP1.6.2 HTTP Messages1.6.3 The Uniform Resource Identifier (URI)1.6.4 The GET and POST Methods1.6.5 The HTTP Response Message1.6.6 Persistent and Non-persistent HTTP1.6.7 TCP Fast Open (TFO)1.6.8 Using HTTP for a Video Progressive Download1.7 Cookies: Providing States to HTTP1.7.1 The Operation of Setting Cookies1.7.2 The Details Associated with Cookies1.8 The Design of Efficient Information Delivery through Use of a Proxy1.8.1 The Web Cache1.8.2 Proxy Roles and Limitations1.8.3 An Investigation of Access Link Bandwidth Issues1.8.4 The Wide Area Application Service (WAAS) and Content Delivery Networks (CDNs)1.9 The File Transfer Protocol (FTP)1.9.1 Passive and Active FTP Data Connections1.9.2 The Secure File Transfer Protocol (SFTP)1.10 Electronic Mail1.10.1 The Simple Mail Transfer Protocol (SMTP)1.10.2 Mail Access Protocols1.10.3 Microsoft Exchange and Outlook1.10.3.1 The Messaging Application Programming Interface (MAPI)1.10.3.2 The RPC over HTTP or Outlook Anywhere1.10.3.3 The Exchange Server Messaging System1.11 Concluding RemarksReferencesChapter 1 Problems

2.1 The Domain Name Service (DNS)2.1.1 Overview2.1.2 Recursive and Iterative Queries2.1.3 Recursive or Caching DNS Server2.1.4 The Resource Record (RR) and DNS Query2.1.4.1 The RR Format2.1.4.2 The Insertion of a Specific Type of RR2.1.4.3 The Mail Exchange Resource Record (MX RR) and Canonical Name (CNAME)2.1.4.4 A Zone File2.1.4.5 The BIND 9 DNS Server Configuration2.1.4.6 The nslookup Command2.1.5 The DNS Protocol2.1.6 The Whois Service2.1.7 Server Load Balancing2.1.8 A Detailed Illustration of DNS Query and Response Messaging2.1.9 Reverse DNS Lookup2.1.10 The Berkeley Internet Name Domain (BIND) Server2.2 Active Directory (AD)2.2.1 An Overview Including the Applications of AD2.2.2 The Hierarchical Structure of AD2.2.3 Active Directory’s Structure and Trust2.2.4 The AD Objects and Their Domain2.2.5 Sites within an Active Directory (AD) Domain2.2.6 The Service Resource Record (SRV RR)2.2.7 The Open Directory (OD)2.3 Concluding RemarksReferencesChapter 2 Problems
3.1 Overview of XML-Based Web Applications3.2 Client/Server Web Application Development3.3 The PHP Server Script3.4 AJAX3.4.1 The Client Side Script3.4.2 Server Side Script3.5 XML3.5.1 XML Benefits3.5.2 Minor Problems in Editors3.6 XML Schema3.6.1 A Simple Element3.6.2 Attributes3.6.3 Complex Element3.6.4 XSD Declaration in an XML File3.6.5 Validating a XML against a xsd File3.7 The XML Document Object Model (DOM)3.7.1 The Client Side3.7.2 Server Side3.8 Concluding RemarksReferencesChapter 3 Problems
4.1 Motivation4.2 Socket Concepts4.3 TCP Socket Programming4.4 Single-Thread TCP Socket Programming4.4.1 The Server Side4.4.2 The Client Side4.4.3 The TCP Server Socket4.4.4 The TCP Client Socket4.4.5 The TCP Output Stream4.4.6 The TCP Input Stream4.4.7 The Console Input and Output4.4.8 Closing the TCP Socket4.4.9 Get localhost IP Address4.4.10 The TCP Connection between Two Hosts4.5 Multi-thread TCP Socket Programming4.5.1 The Multi-threaded TCP Server4.5.2 The Server Side4.6 UDP Socket Programming4.6.1 The Server Side4.6.2 The Client Side4.6.3 The UDP Socket4.6.4 Obtaining the Client’s IP Address and Port Number4.6.5 The UDP Send4.6.6 The UDP Receive4.6.7 The Console Input4.6.8 The Console Output4.7 Multi-thread UDP Socket Programming4.8 IPv6 Socket Programming4.9 Concluding RemarksReferencesChapter 4 Problems
5.1 P2P-vs-Client/Server5.2 Types of P2P Networks5.3 Pure P2P: Gnutella Networks5.4 Partially Centralized Architectures5.5 Hybrid Decentralized (or Centralized) P2P5.6 Structured vs. Unstructured P2P5.7 Skype5.8 P2P Client Software5.9 Peer-to-Peer Name Resolution (PNRP)5.9.1 PNRP Clouds5.9.2 Peer Names and PNRP IDs5.9.3 PNRP Name Resolution5.9.4 PNRP Name Publication5.10 Apple’s Bonjour5.11 Wi-Fi Direct Devices and P2P Technology5.11.1 Device Discovery and Service Discovery5.11.2 Groups and Security5.11.3 Concurrent Connections and Multiple Groups5.12 P2P Security5.13 Internet Relay Chat (IRC)5.14 Concluding RemarksReferencesChapter 5 Problems
6.1 The Physical Layer6.1.1 Modems6.1.2 Pulse Code Modulation (PCM) and Codec6.1.2.1 Analog-to-Digital (A/D) Conversion6.1.2.2 Digital-to-Analog (D/A) Conversion6.1.3 Data Compression6.1.4 Digital Transmission of Digital Data6.1.4.1 Baseband Transmission6.1.4.2 Line Codes6.1.4.3 Block Coding6.1.5 Synchronization and Clock Recovery6.1.6 Channel Multiplexing for Multiple Access6.1.7 Error Control and Shannon’s Capacity Theorem6.1.7.1 Error Detection6.1.7.2 Forward Error Correction6.1.8 Organization for the Physical Layer Presentation6.2 Link Layer Functions6.2.1 Link Layer in Protocol Stack6.2.2 Medium Access Control (MAC) and Logical Link Control (LLC) Sublayers6.2.3 Data Rate Comparison among MAC and Associated Physical Layers6.3 Link Layer Realization6.4 Multiple Access Protocols6.4.1 Point-to-Point Protocol (PPP)6.4.2 MAC Protocols6.4.2.1 Channel Partitioning MAC Protocols6.4.2.2 Shared Ethernet and Wireless LAN Using Random Access6.4.2.3 Token Ring6.5 The Link Layer Address6.5.1 The MAC Address6.5.2 The Address Resolution Protocol (ARP)6.6 MAC Layer Frame Format6.6.1 Ethernet DIX V2.06.6.2 802.3 MAC Layer6.6.3 802.11 MAC Layer6.7 The 802.2 Logic Link Control (LLC) Sublayer6.7.1 The LLC Header6.7.2 The LLC PDU6.7.3 The LLC Types6.7.4 The Subnetwork Access Protocol (SNAP)6.7.5 NetBIOS/NetBEUI6.8 Loop Prevention and Multipathing6.8.1 The Spanning Tree Protocol (STP)6.8.2 The Rapid Spanning Tree Protocol (RSTP)6.8.3 Layer 2 Multipathing (L2MP)6.9 Error Detection6.10 Concluding RemarksReferencesChapter 6 Problems
7.1 Ethernet Overview7.2 The 802.3 Medium Access Control and Physical Layers7.3 The Ethernet Carrier Sense Multiple Access/Collision Detection Algorithm7.4 Ethernet Hubs7.5 Minimum Ethernet Frame Length7.6 Ethernet Cables and Connectors7.7 Gigabit Ethernet and Beyond7.7.1 Gigabit Ethernet (GE)7.7.2 The Physical Layer for GE and Faster Technologies7.7.3 Ten Gigabit (10G) Ethernet7.7.4 40 Gbps and 100 Gbps Ethernet7.8 Bridges and Switches7.8.1 The Learning Function7.8.2 The Switch Fabric in Full Duplex Operation7.8.3 The Switch Table7.8.4 An Interconnected Switch Network7.9 A Layer 2 (L2) Switch and Layer 3 (L3) Switch/Router7.9.1 A Multilayer Switch7.9.2 A Simple View of Internet Switches/Routers7.9.3 The Architecture of High-Performance Internet Routers7.9.4 A Multilayer Switch Chassis and Blades for a Campus Network7.9.4.1 The Cisco Catalyst 6500 Switch Chassis7.9.4.2 The Crossbar Switch Fabric and Supervisor Engine7.9.4.3 Line Cards/Blades7.9.4.4 Centralized Switching by the Supervisor Engine in a 6500 Chassis7.9.4.5 The Central Forwarding Operation of a Cisco 6500 Multilayer Switch7.10 Design Issues in Network Processors (NPs) and ASICs7.10.1 Forwarding and Policy Engine Design Issues7.10.2 Network Processors (NPs) and Application-Specific Integrated Circuits (ASICs)7.10.3 ASIC + General-Purpose Processors7.10.3.1 The Cisco Nexus 7000 Series Switches7.10.3.2 The Cisco Nexus 5500 Switch7.10.4 The Use of a Cisco QuantumFlow Processor in Internet Backbone Routers7.10.4.1 New Ethernet Switch/Router Technology7.10.4.2 The Multi-Service Network Infrastructure7.10.4.3 Aggregation or Edge Routers7.10.4.4 The Carrier Ethernet Network7.10.4.5 The Core Network Router7.11 Design Issues for the Packet Buffer/Memory and Switch Fabric7.11.1 Switch Fabric Design Issues7.11.1.1 Input Queuing (IQ) vs. Output Queuing (OQ)7.11.1.2 Shared-Output Queuing (SQ)7.11.1.3 Virtual Output Queuing (VOQ)7.11.1.4 The Combined Input/Output Queue (CIOQ)7.11.2 Design Issues for Buffers/Queues7.11.3 Design Issues for Sizing Buffers in Switches7.12 Cut-Through or Store-and-Forward Ethernet for Low-Latency Switching7.12.1 Traditional L2 and L3 Forwarding7.12.2 The Mechanisms That Make Cut-Through Forwarding Versatile7.12.3 The Design Issues Associated with Cut-Through Forwarding7.13 Switch Management7.13.1 The Simple Network Management Protocol (SNMP)7.13.2 Remote Monitoring (RMON)7.14 Concluding RemarksReferencesChapter 7 Problems
8.1 The Virtual LAN (VLAN-802.11q)8.1.1 VLAN Switches and Trunks8.1.1.1 VLANs Connected by a L3 Switch/Router for Inter VLAN Communication8.1.1.2 VLANs Connected without a L3 Switch/Router for Intra VLAN Communication8.1.1.3 The Access Mode or Trunk Mode8.1.2 The VLAN Registration Protocol8.1.3 The VLAN Tag8.1.4 VLAN Forwarding8.2 Class of Service (CoS-802.11p)8.2.1 The Quality of Service (QoS) on L28.2.2 Priority Classification and Queues in Frame Forwarding8.2.3 Class of Service Scheduling Methods8.3 Switch Design Issues in CoS, Queues and Switch Fabric8.3.1 ASICs for Forwarding Based on CoS at Wire Speed8.3.2 The Unified Forwarding Engine (UFE) in Unified Port Controller (UPC)8.3.3 Meeting CoS Requirements through the Use of Virtual Output Queues8.4 Asynchronous Transfer Mode (ATM)8.4.1 The ATM Network Architecture8.4.2 The Adaptation Layer (AAL)8.4.3 Virtual Circuits (VCs)8.4.4 The ATM Cell8.4.5 The ATM Physical Layer8.5 Classical IP over ATM8.6 Multiprotocol Label Switching (MPLS)8.6.1 The Multiprotocol Label Switching (MPLS) Network8.6.2 The MPLS Header and Switching8.7 Multilayer Network (MLN) Architectures8.7.1 The Motivating Factors for MLN8.7.2 The Architecture of the CapabilityPlanes8.7.3 The DataPlane and Its Provisioning8.8 Concluding RemarksReferencesChapter 8 Problems
9.1 An Overview of Wireless Networks9.2 802.11 Wireless LANs9.2.1 The Infrastructure Mode9.2.2 The Ad Hoc Mode9.2.3 The Basic Service Set (BSS) and the Independent BSS (IBSS)9.2.4 The Distribution System (DS) and the Extended Service Set (ESS)9.2.5 Passive and Active Scanning9.2.6 Robust Security Network Associations (RSNAs)9.2.7 Wireless Challenges9.2.8 The 802.11 Physical Layer9.2.9 The 802.11n Physical Layer9.2.9.1 MIMO9.2.9.2 Space Division Multiplexing (SDM)9.2.9.3 Antenna Diversity or Space-Time Coding (STC)9.2.9.4 MIMO Summary9.2.10 The MAC Layer9.2.10.1 Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)9.2.10.2 The Unicast Frame9.2.10.3 The Distributed Coordination Function (DCF)9.2.10.4 The Broadcast Frame9.2.10.5 Virtual Carrier Sensing9.2.10.6 The Point Coordination Function (PCF)9.2.10.7 Random Back-off Time and Error Recovery9.2.10.8 MAC Frames and MAC Addresses9.2.10.9 MAC Frame Types9.2.11 Frequency Reuse, Power and Data Rates9.2.11.1 Frequency Reuse9.2.11.2 802.11h: Dynamic Frequency Selection (DFS) and Transmitter Power Control (TPC)9.2.11.3 The Number of Stations in a BSS9.2.12 Power over Ethernet9.3 Wireless Personal Area Network (WPAN)9.3.1 Bluetooth9.3.1.1 Data Rates and Range9.3.1.2 The Piconet9.3.1.3 The States and Modes of Piconet9.3.1.4 Types of Links9.3.1.5 Packet Format9.3.1.6 Time Division Duplex (TDD) and Frequency Hopping (FH)9.3.1.7 The Scatternet9.3.2 Ultra Wideband (802.15.3)9.3.3 ZigBee (802.15.4)9.4 WLANs and WPANs Comparison9.5 WiMAX (802.16)9.6 Cellular Networks9.6.1 CDMA20009.6.2 The Universal Mobile Telecommunication Service (UMTS)9.6.3 Long Term Evolution9.6.4 Mobility9.7 Concluding RemarksReferencesChapter 9 Problems
10.1 Network Layer Overview10.1.1 The Need for Network and Link Layers10.1.2 Network Layer Functions10.2 Connection-Oriented Networks10.3 Connectionless Datagram Forwarding10.4 Datagram Networks vs. Virtual Circuit ATM Networks10.5 Network Layer Functions in the Protocol Stack10.6 The IPv4 Header10.7 IP Datagram Fragmentation/Reassembly10.8 Type of Service (ToS)10.8.1 ToS, IP Precedence and DSCode Points (DSCP)10.8.2 Queuing/Scheduling Methods10.9 The IPv4 Address10.9.1 Network Interface and IP address10.9.2 Subnet10.9.3 Network ID, Subnet ID and Host ID10.9.4 Private IP Addresses10.9.5 Classless Inter-Domain Routing10.9.6 ARP Cache10.9.7 Optimal use of IP addresses10.10 The Dynamic Host Configuration Protocol (DHCP)10.10.1 The DHCP Server and Routers10.10.2 DHCP Protocol10.10.3 The Reuse of a Previously Allocated Network Address10.11 IP Multicast10.11.1 The IP Multicast Advantage10.11.2 Routing for Multicast10.11.3 The Protocol Independent Multicast (PIM)10.12 Routing between LANs10.13 Network Address Translation (NAT)10.13.1 Address and Port Translation10.13.2 NAPT Mapping/Binding Classifications10.13.2.1 NAT Behavior Related to UDP Bindings in RFC348910.13.2.2 Address and Port Mapping Behavior in RFC 4787 and RFC 538210.13.3 NAPT for Incoming Requests10.13.3.1 Application Level Gateways (ALGs)10.13.3.2 The Static Port Forwarding10.13.3.3 The Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol10.13.3.4 Traversal Using Relays around NAT (TURN)10.13.3.5 The Session Traversal Utilities for NAT (STUN)10.13.3.6 The Interactive Connectivity Establishment (ICE)10.14 The Internet Control Message Protocol (ICMP)10.14.1 The ICMP Packet10.14.2 Echoes and Replies10.14.3 The Destination Unreachable Message10.14.4 The Traceroute10.14.4.1 A Traceroute in UNIX-like OSs10.14.4.2 The Microsoft Windows Tracert10.15 The Mobile Internet Protocol10.16 Concluding RemarksReferencesChapter 10 Problems
11.1 The Need for IPv611.2 The IPv6 Packet Format11.3 IPv6 Addresses11.3.1 Three Types of IPv6 Addresses11.3.2 The Scope of Addresses11.3.3 The Global Unicast Address11.3.4 The Multicast Address11.3.5 The Anycast Address11.3.6 Special Addresses11.4 The Transition from IPv4 to IPv611.4.1 The Double NAT: NAT 44411.4.2 An Incremental Carrier-Grade NAT (CGN) for IPv6 Transition11.4.3 Address Family Translation11.4.3.1 Stateful Address Family Translation (AFT)-(NAT 64)11.4.3.2 Stateless AFT (IVI)11.4.4 The Dual Stack11.4.5 Dual-Stack Lite (DS-Lite)11.4.5.1 The Access Model11.4.5.2 The Home Gateway11.4.6 Tunneling11.4.7 Encapsulating an IPv6 Datagram into IPv411.4.8 The 6To4 Scheme11.4.9 6To4 Automatic Tunneling11.4.10 A 6To4 Relay Router11.4.11 The Rapid Deployment of IPv6 on the IPv4 Infrastructures (6rd)11.4.12 The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)11.4.13 Teredo Tunneling11.4.13.1 The Motivation for Teredo Tunneling11.4.13.2 The Teredo Network Infrastructure11.4.13.3 The Teredo Protocol11.4.13.4 The Teredo IPv6 Addressing Scheme11.4.13.5 Teredo Packet Encapsulation11.5 IPv6 Configuration and Testing11.5.1 OS X11.5.2 Microsoft Windows11.5.3 Pinging Windows 7/Vista from OS X11.5.4 Installing IPv6 in Windows XP11.5.5 The Firewall Configuration for Echo Reply in Windows XP11.5.6 A Multicast Ping and the Replies11.6 Concluding RemarksReferencesChapter 11 Problems
12.1 Routing Protocol Overview12.2 Configuring a Router12.2.1 Static Route Configuration12.2.2 Dynamic Routing Protocol Configuration12.2.3 The RIP Configuration12.2.4 The OSPF Configuration12.2.5 The BGP Configuration12.3 VLAN Routing12.4 Open Shortest Path First (OSPF)12.4.1 OSPF Areas12.4.2 OSPF Routing Table Construction12.4.3 Type of Service (ToS) Support12.5 The OSPF Routing Algorithm12.5.1 A Graphical Representation12.5.2 Dijkstra’s Algorithm12.5.3 Generating a Routing Table12.5.4 Load-Sharing Multipath in OSPF12.5.5 OSPF Properties12.6 The Routing Information Protocol (RIP)12.6.1 The Distance Vector Algorithm12.6.2 The Positive Aspects of Rapid Convergence12.6.3 The Negative Aspects of Slow Convergence12.6.4 Split Horizon with Poison Reverse12.6.5 A Three-Node Loop Problem12.7 OSPF-vs.-RIP12.8 Concluding RemarksReferencesChapter 12 Problems
13.1 Autonomous Systems13.2 Border Gateway Protocol (BGP) Overview13.2.1 A BGP Session13.2.2 A BGP Route13.2.3 The AS_Path Attribute13.2.4 Path Attributes13.3 A Real-World BGP Case13.4 BGP Route Advertisements13.4.1 The Next Hop Attribute in External BGP (eBGP) and Internal BGP (iBGP)13.4.2 AS_Path Attribute Propagation in Route Advertisements13.5 BGP Route Selection13.5.1 The BGP Policy13.5.2 The Use of Attributes in Selecting Routes13.5.3 The Integration of BGP and IGP13.5.4 Local Preference13.5.5 The Multi-Exit Discriminator (MED) Attribute13.6 BGP Import and Export Policies13.6.1 The import policy13.6.2 The Export Policy13.6.3 Bandwidth-Based Policy for Export Routes13.7 BGP Security13.8 Concluding RemarksReferencesChapter 13 Problems
14.1 Transport Layer Overview14.1.1 The Function of the Transport Layer in the Protocol Stack14.1.2 The Transmission Control and Stream Control Transmission Protocols14.2 The Socket14.3 The User Datagram Protocol (UDP)14.3.1 The Use of UDP14.3.2 The UDP Packet Format14.4 A Reliable Transport Protocol: TCP14.4.1 TCP Overview14.4.2 The 3-Way Handshake14.4.3 Closing a TCP Connection14.4.4 The Sequence and Acknowledgment (ACK) Numbers14.4.5 A Simple Acknowledgment Scheme14.4.6 Pipelined Protocols14.4.7 A TCP Segment and Sequence Number14.4.8 The Sliding Window14.5 The TCP Packet Header and Options14.5.1 The TCP Header Format14.5.2 A 3-Way Handshake Analysis Using a Network Analyzer14.5.3 The Half Close Analysis Using a Network Analyzer14.5.4 Using a Network Analyzer to Obtain the Secure Shell (SSH) and HTTP Sequence and ACK Numbers14.5.4.1 The Secure Shell Protocol14.5.4.2 HTTP14.5.5 Explicit Congestion Notification14.5.6 Round Trip Time Measurement14.5.7 Windows Scaling14.5.8 Selective Acknowledgment14.5.9 The Use of a Reset Flag14.5.10 The Use of a Push Flag14.6 The Buffer and Sliding Window14.6.1 The Sender Side14.6.2 The Receiver Side14.6.3 Extending the Sequence Number to 64 Bits14.7 Features of the Stream Control Transmission Protocol (SCTP)14.7.1 The Motivation for SCTP14.7.2 SCTP vs. TCP14.7.3 SCTP Streams and Services14.8 The SCTP Packet Format14.8.1 The Chunk Field14.8.2 Chunk Types14.8.3 The Payload Data Format14.9 SCTP Association Establishment14.10 The SCTP SHUTDOWN14.11 SCTP Multi-Homing14.12 Concluding RemarksReferencesChapter 14 Problems
15.1 Packet Acknowledgment (ACK) and Retransmission15.2 Round Trip Time and Retransmission Timeout15.3 Cumulative ACK and Duplicate ACK15.4 The Sliding Window and Cumulative ACK15.5 Delayed ACK15.6 Fast Retransmit15.7 Synchronization (SYN) Packet Loss and Recovery15.8 The Silly Window Syndrome/Solution15.9 The TCP Selective Acknowledgment (SACK) Option15.10 Concluding RemarksReferencesChapter 15 Problems
16.1 TCP Flow Control16.2 TCP Congestion Control16.2.1 The Buffer Sizing Problem16.2.2 Congestion Control Approaches16.2.3 ATM Congestion Control16.3 Standard TCP End-to-end Congestion Control Methods16.3.1 The Congestion Window Size (CWND)16.3.2 Slow Start16.3.3 The Effective Window16.3.4 The Signs of Congestion16.3.5 Additive Increase Multiplicative Decrease (AIMD) and Congestion Avoidance16.4 TCP Tahoe and TCP Reno in Request for Comment (RFC) 200116.4.1 Slow Start and Timeout16.4.2 Three or More Duplicate Acknowledgments (ACKs)16.4.3 Congestion Avoidance16.4.4 Fast Retransmit and Fast Recovery in RFC 200116.5 An Improvement for the Reno algorithm—RFC 2581 and RFC 568116.6 TCP NewReno16.6.1 Filling Multiple Holes in the Receiver’s Buffer16.6.2 Fast Retransmit and Fast Recovery Algorithms in NewReno16.7 TCP Throughput for a Real-World Download in Microsoft’s Windows XP16.8 A Selective Acknowledgment (SACK)-Based Loss Recovery Algorithm16.8.1 A Conservative SACK-Based Loss Recovery Algorithm for TCP16.8.2 Reno vs. NewReno vs. SACK16.8.3 The CWND Slow Recovery Process16.8.4 The “Limited Transmit” Algorithm16.9 High-Speed TCP (HSTCP) Congestion Control Design Issues16.9.1 The Design Issues Associated with TCP Congestion Control for High-Speed Networks16.9.2 An Overview of HighSpeed TCP (HSTCP)16.9.3 The Response Functions in HighSpeed TCP (HSTCP)16.9.4 Limited Slow-Start in HSTCP16.9.5 H-TCP16.10 CUBIC TCP16.10.1 CUBIC Window Adjustment16.10.2 TCP CUBIC vs. TCP NewReno16.10.3 The Performance of TCP CUBIC16.11 Loss-Based TCP End-to-End Congestion Control Summary16.12 Delay-Based Congestion Control Algorithms16.13 Compound TCP (CTCP)16.13.1 The Compound TCP (CTCP) Control Law16.13.2 The Compound TCP Response Function16.13.3 CTCP Deployment and Performance16.14 The Adaptive Receive Window Size16.15 TCP Explicit Congestion Control and Its Design Issues16.15.1 ECN-Capable Transport (ECT) and Congestion Experienced (CE)16.15.2 The Explicit Congestion Notification (ECN) 3-Way Handshake16.15.3 Congestion Experienced (CE) by Router and ECN-Echo (ECE) by Receiver16.15.4 Weighted Random Early Detection (WRED) + Explicit Congestion Notification16.15.5 A WRED and ECN Case Study16.15.6 Performance Evaluation of Explicit Congestion Notification (ECN)16.15.7 The ECN-Based Data Center TCP (DCTCP)16.16 The Absence of Congestion Control in UDP and TCP Compatibility16.16.1 The Coexistence of TCP and UDP flows16.16.2 The Coexistence of Multiple TCP Flows16.16.3 Coexisting Heterogeneous TCP NewReno, CUBIC and CTCP Flows16.17 Concluding RemarksReferencesChapter 16 Problems
17.1 Introduction17.2 Security from a Global Perspective17.3 Trends in the Types of Attacks and Malware17.3.1 Malware Statistics and Detection Methods17.3.2 Web-Based Malware17.4 The Types of Malware17.4.1 Worms17.4.2 Phishing17.4.3 Trojans17.4.4 Botnets17.4.5 Rootkits17.4.5.1 User Mode Rootkits17.4.5.2 Kernel Mode Rootkits17.4.5.3 The Master Boot Record (MBR) Rootkit17.4.5.4 A Real-World Rootkit/Trojan17.4.6 Viruses17.5 Vulnerability Naming Schemes and Security Configuration Settings17.5.1 Common Vulnerabilities and Exposures (CVE)17.5.2 Common Configuration Enumeration (CCE)17.6 Obfuscation and Mutations in Malware17.6.1 Executable Packing/Compression17.6.2 Entry Point Obfuscation (EPO)17.6.3 Polymorphism17.6.3.1 Polymorphic Malware17.6.3.2 The Detection of Polymorphic Malware17.6.4 Metamorphism17.6.4.1 Metamorphic Malware17.6.4.2 The Detection of Metamorphic Malware: An Open Challenge17.7 The Attacker’s Motivation and Tactics17.7.1 The Attack Motivation17.7.2 Attack Tactics and Their Trends17.8 Zero-Day Vulnerabilities17.8.1 The History of Zero-Day Vulnerabilities17.8.2 Defensive Measures for Zero-Day Vulnerabilities17.9 Attacks on the Power Grid and Utility Networks17.10 Network and Information Infrastructure Defense Overview17.10.1 Defense for the Enterprise17.10.2 Penetration Tests17.10.3 Contingency Planning17.10.4 The Critical Infrastructure Protection (CIP) Plan17.10.5 Intelligence Collection for Defense of the Internet Community17.10.6 The Eradication of Botnets17.11 Concluding RemarksReferencesChapter 17 Problems
18.1 Overview18.2 Unified Threat Management18.3 Firewalls18.4 Stateless Packet Filtering18.4.1 The Format for the Rule Used in Packet Filtering18.4.2 The Manner in Which the Firewall ACL Is Processed18.4.3 The Inherent Weaknesses of Stateless Filters18.5 Stateful/Session Filtering18.5.1 Stateful Inspection18.5.2 Network Address Translation (NAT)18.6 Application-Level Gateways18.7 Circuit-Level Gateways18.8 A Comparison of Four Types of Firewalls18.9 The Architecture for a Primary-Backup Firewall18.10 The Windows 7/Vista Firewall as a Personal Firewall18.11 The Cisco Firewall as an Enterprise Firewall18.12 The Small Office/Home Office Firewall18.13 Emerging Firewall Technology18.14 Concluding RemarksReferencesChapter 18 Problems
19.1 Overview19.1.1 IDS/IPS Building Blocks19.1.2 Host-Based or Network-Based IDS/IPS19.2 The Approaches Used for IDS/IPS19.2.1 Anomaly-Based Detection Methods19.2.1.1 Statistical-Based IDS/IPS19.2.1.2 Knowledge-/Expert-Based IDS/IPS19.2.1.3 Machine Learning-Based IDS/IPS19.2.2 Signature-Based IDS/IPS19.2.3 Adaptive Profiles19.3 Network-Based IDS/IPS19.3.1 Network-Based IDS/IPS (NIDS/NIPS) Functions19.3.2 Reputation-Based IPS19.4 Host-Based IDS/IPS19.5 Honeypots19.6 The Detection of Polymorphic/Metamorphic Worms19.7 Distributed Intrusion Detection Systems and Standards19.7.1 Event Aggregation and Correlation19.7.2 Security Information and Event Management (SIEM)19.7.3 Standards for Multiple Formats and Transport Protocols19.8 SNORT19.9 The TippingPoint IPS19.10 The McAfee Approach to IPS19.11 The Security Community’s Collective Approach to IDS/IPS19.12 Concluding RemarksReferencesChapter 19 Problems
20.1 Authentication Overview20.2 Hash Functions20.2.1 The Properties of Hash Functions20.2.2 The History of Hash Functions20.2.3 Secure Hash Algorithms 1 and 2 (SHA-1 and SHA-2)20.2.4 Feasible Attacks to a Hash20.3 The Hash Message Authentication Code (HMAC)20.3.1 The HMAC Algorithm20.3.2 The Key Derivation Function (KDF) and the Pseudorandom Function (PRF)20.4 Password-Based Authentication20.4.1 Dictionary Attacks20.4.2 The UNIX Encrypted Password System: CRYPT20.4.3 The UNIX/Linux Password Hash20.4.3.1 The MD5-Based Scheme20.4.3.2 The SHA-Based Scheme20.4.4 The Windows Password20.4.4.1 The LM (LanManager) Hash20.4.4.2 The Windows NT Hash20.4.5 Cracking Passwords20.5 The Password-Based Encryption Standard20.6 The Automated Password Generator Standard20.7 Password-Based Security Protocols20.7.1 IEEE P1363.220.7.2 Online Authentication20.7.3 ANSI X9.26-199020.7.4 Kerberos20.8 The One-Time Password and Token20.8.1 Two-Factor Authentication20.8.2 The OTP Standards20.8.3 RFC 2289: A One-Time Password System20.8.4 RFC 2808: The SecurID Simple Authentication and Security Layer (SASL) Mechanism20.8.5 RFC 4226: The HMAC-based One Time Password (HOTP)20.8.6 A Time-Based One-time Password Algorithm (TOTP)20.8.7 RFC 4758: The Cryptographic Token Key Initialization Protocol (CT-KIP)20.8.8 IETF Draft: One Time Password (OTP) Pre-authentication20.8.9 Intel Identity Protection Technology (Intel IPT)20.9 Open Identification (OpenID) and Open Authorization (OAuth)20.9.1 OpenID20.9.2 OAuth20.10 Concluding RemarksReferencesChapter 20 Problems
21.1 Block Ciphers21.1.1 The Data Encryption Standard (DES)21.1.2 Triple-DES21.1.3 The Advanced Encryption Standard (AES)21.1.4 Confidentiality Modes21.1.4.1 The Electronic Codebook (ECB) Mode21.1.4.2 The Cipher Block Chaining (CBC) Mode21.2 Stream Ciphers21.2.1 Rivest Cipher 4 (RC4)21.2.2 WLAN Security Using Stream Cipher RC421.2.2.1 The Chronology of WLAN Security21.2.2.2 The 802.11 WEP and 802.11i WPA Security Processes, and Their Weaknesses21.2.2.3 Wired Equivalent Privacy (WEP)21.2.2.4 802.11i Wi-Fi Protected Access (WPA)21.2.2.5 802.11i Fresh Keying21.2.3 The AES Counter Mode21.2.4 802.11iWi-Fi Protected Access 2 (WPA2)21.2.4.1 An Overview of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)21.2.4.2 The CCMP Nonce21.2.5 The Advanced Encryption Standard Counter Mode (AES-CTR)21.2.5.1 The Cipher Block Chaining Message Authentication Code (CBC-MAC)21.2.5.2 The CCMP Complete Scheme21.2.6 WiFi Protected Setup (WPS)21.3 The US Government’s Cryptography Module Standards21.3.1 Federal Information Processing Standard (FIPS) 140-221.3.2 FIPS 140-321.3.3 The New European Schemes for Signatures, Integrity and Encryption (NISSIE)21.4 Side Channel Attacks and the Defensive Mechanisms21.5 Concluding RemarksReferencesChapter 21 Problems
22.1 Introduction22.1.1 The Diffie-Hellman (DH) Protocol22.1.1.1 Overview of the DH Key-Agreement Protocol22.1.1.2 Diffie-Hellman Key-Agreement Protocol Security22.1.1.3 The Use of a Diffie-Hellman Key-Agreement Protocol22.1.1.4 Diffie-Hellman Groups22.1.2 The Rivest, Shamir and Adleman (RSA) Public-Key Cryptography22.1.2.1 The RSA Algorithm22.1.2.2 Chinese Remainder Theorem (CRT) and RSA Decryption22.1.2.3 RSA Security22.2 The Digital Signature Concept22.2.1 RSA Signatures22.2.1.1 The RSA Signature Algorithm22.2.1.2 The Security of RSA Signatures22.2.1.3 An Example of Signing and Verifying a RSA Signature22.2.2 The Digital Signature Standard (DSS)22.3 Public Key Cryptography Characteristics22.3.1 The Recommended Use of Public Key Cryptography22.3.2 RSA vs. DH22.3.3 The RSA Challenge22.4 Elliptic Curve Cryptography (ECC)22.4.1 The ECC Algorithms and Their Properties22.4.2 The Elliptic Curve Discrete Logarithm Problem (ECDLP) and Its Applications22.4.3 Elliptic Curve Diffie-Hellman (ECDH) Key-Agreement Protocol22.4.4 Elliptic Curve Digital Signature Algorithm (ECDSA)22.4.5 The Elliptic Curve Integrated Encryption Standard (ECIES)22.4.6 Recommended Finite Fields and Elliptic Curves for Desired Security Strength22.4.7 The ECC Challenge22.5 Certificates and the Public Key Infrastructure22.5.1 A Certificate Authority (CA) and the Public Key Infrastructure22.5.2 The Secure Socket Layer (SSL) and Certificates22.5.3 The X.509 Certificate Format22.5.4 Classes of Certificates22.5.5 Trusted Root Certificates22.5.6 Certificate Revocation List (CRL)22.6 Public Key Cryptography Standards (PKCS)22.7 X.509 certificate and Private Key File Formats22.8 U.S. Government Standards22.8.1 National Security Agency (NSA) Suite B22.8.2 Suite B Cryptography Support in Windows22.8.3 The Entity Authentication Standard22.9 Attacks Which Target the Public Key Infrastructure and Certificates22.10 Email Security22.10.1 Pretty Good Privacy (PGP)22.10.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)22.11 Concluding RemarksReferencesChapter 22 Problems
23.1 Introductory Overview23.2 The Handshake Protocol23.3 Attacks on the Handshake Protocol23.3.1 A SSL Version 2 Rollback Attack23.3.2 Man-in-the-Middle Attacks23.3.3 Browser Exploits against SSL/TLS (BEAST)23.4 The Record Protocol23.5 SSL/TLS Cryptography23.5.1 Key Generation23.5.2 Diffie-Hellman (DH) in SSL/TLS23.5.3 Elliptic Curve Cryptography (ECC) Cipher Suites for TLS23.6 Datagram Transport Layer Security (DTLS)23.6.1 The Need to Protect UDP Communication23.6.2 The Features in DTLS23.6.3 Applications of DTLS23.7 US Government Recommendations23.8 Extended Validation SSL (EV-SSL)23.9 Establishing a Certificate Authority (CA)23.10 Web Server’s Certificate Setup and Client Computer Configuration23.10.1 Certificate Request and Generation23.10.2 The Apache Web Server23.10.3 Microsoft’s Internet Information Services (IIS) Server23.11 A Certificate Authority’s Self-Signed Root Certificate23.11.1 The Use of a Self-Signed Root CA Certificate with Windows23.11.2 The Use of a Self-Signed CA Certificate with Firefox23.12 Browser Security Configurations23.13 Concluding RemarksReferencesChapter 23 Problems
24.1 Network Security Overview24.2 Internet Protocol Security (IPsec)24.2.1 IPsec Security Services24.2.2 IPsec Modes24.2.3 Security Association (SA)24.2.4 The Encapsulating Security Protocol (ESP)24.2.5 The Authentication Header (AH)24.2.6 The Anti-Replay Service24.3 The Internet Key Exchange (IKE)24.3.1 The IKE Components and Functions24.3.2 Distributed Denial of Service (DDoS) Resistance and Cookies24.3.3 IKEv2 Protocol24.3.3.1 IKE_SA_INIT and IKE_AUTH Exchanges24.3.3.2 Authentication (AUTH)24.3.3.3 The Traffic Selector24.3.4 The Two Phases of IKE24.3.5 Generating Keying Material24.3.6 The Pre-Shared Secret24.3.7 Extended Authentication (XAUTH)24.3.8 IKE Diffie-Hellman Groups24.3.9 Network Address Translation (NAT) Issues in an Authentication Header (AH) and Encapsulating Security Payloads (ESP)24.4 Data Link Layer VPN Protocols24.4.1 The Point-to-Point Tunneling Protocol (PPTP) Version 224.4.2 The Layer 2 Tunneling Protocol (L2TP)24.5 VPN Configuration Procedure Examples24.5.1 The Use of a Pre-shared Secret for Authentication in Windows 7/Vista24.5.2 Windows 7/Vista Tunnel Using PKI Certificates for Authentication24.5.3 A VPN Server in Microsoft’s Internet Security and Acceleration (ISA) Server24.5.4 Connecting a Windows 7/Vista to a Cisco VPN Appliance24.5.5 The Cisco VPN Appliance: Certificate-Based Authentication for a Gateway to Gateway Tunnel24.6 Concluding RemarksReferencesChapter 24 Problems
25.1 An Overview of Network Access Control (NAC)25.1.1 NAC Policies25.1.2 The Network Access Control/Network Access Protection (NAC/NAP) Client/Agent25.1.3 The Enforcement Points25.1.4 The NAC/NAP Server25.1.5 NAC/NAP Product Examples25.1.6 Enforcement Point Action25.1.6.1 Case 1: Using a Dynamic Host Configuration Protocol (DHCP)25.1.6.2 Case 2: Using a VPN25.1.6.3 Case 3: Using 802.1X25.1.7 Authentication and Authorization25.2 Kerberos25.2.1 The Key Distribution Center (KDC)25.2.2 A Single Sign-On Authentication Process25.2.3 Access Resources25.2.4 The Use of Realms in a KDC25.2.5 Security Issues25.2.6 Implementations25.3 The Trusted Platform Module (TPM)25.3.1 An Overview of TPM25.3.2 The TPM Functional Blocks25.3.3 The Platform Configuration Register (PCR)25.3.4 The Endorsement Key (EK)25.3.5 The Attestation Identity Key (AIK)25.3.6 The Root of Trust for Storage (RTS) and the TPM Key Hierarchy25.3.6.1 The Storage Root Key (SRK)25.3.6.2 Sealing a Key25.3.6.3 The TPM Key Hierarchy25.3.6.4 Ownership of the Storage Root Key (SRK) in a TPM25.3.7 TPM Applications25.4 Multiple Factor Authentications: Cryptographic Tokens and TPM25.5 802.1X25.5.1 The Extensible Authentication Protocol (EAP)25.5.2 The Remote Authentication Dial-In User Service (RADIUS)25.6 Enterprise Wireless Network Security Protocols25.6.1 The Home Network Scenario25.6.2 The Enterprise Wireless Network Scenario25.6.3 Roaming and Reassociation25.6.4 Disassociation and Deauthentication25.6.5 Remote Access Security Solutions25.6.6 The Products for NAC/NAP Provided by Cisco and Microsoft25.7 Concluding RemarksReferencesChapter 25 Problems
26.1 Domain Name System (DNS) Protection26.1.1 A Cache Poisoning Attack26.1.2 Domain Name Service Security Extensions (DNSSEC)26.1.2.1 The New Types of Resource Records (RRs) for DNSSEC26.1.2.2 Authenticated Denial of Existence for a DNS RR26.1.2.3 A Chain of Trust26.1.2.4 The Key Signing Key (KSK) and the Zone Signing Key (ZSK)26.1.2.5 Authentication Chains in DNS Parent and Child Zones26.1.3 DNSSEC Deployment26.1.3.1 The US Government Deployment Guidelines26.1.3.2 The DNSSEC Tools26.2 Router Security26.2.1 BGP Vulnerabilities26.2.2 BGP Security Measures26.3 Spam/Email Defensive Measures26.3.1 Email Blacklists26.3.2 The Sender Policy Framework (SPF)26.3.3 DomainKey Identified Mail (DKIM)26.3.4 Secure/Multipurpose Internet Mail Extensions (S/MIME)26.3.5 Domain-Based Message Authentication, Reporting and Conformance (DMARC)26.3.6 Cerificate Issues for S/MIME and Open Pretty Good Privacy (OpenPGP)26.3.7 National Institute of Standards and Technology (NIST) SP 800-45 Version 226.4 Phishing Defensive Measures26.4.1 Safe Browsing Tool26.4.2 Uniform Resource Locator (URL) Filtering26.4.3 The Obfuscated URL and the Redirection Technique26.5 Web-Based Attacks26.5.1 Web Service Protection26.5.2 Attack Kits26.5.3 HTTP Response Splitting Attacks26.5.4 Cross-Site Request Forgery (CSRF or XSRF)26.5.5 Cross-Site Scripting (XSS) Attacks26.5.6 Non-persistent XSS Attacks26.5.7 Persistent XSS Attacks26.5.8 Document Object Model (DOM) XSS Attacks26.5.9 JavaScript Obfuscation26.5.10 Asynchronous JavaScript and Extensible Markup Language (AJAX) Security26.5.11 Clickjacking26.6 Database Defensive Measures26.6.1 Structured Query Language (SQL) injection Attacks26.6.2 SQL injection Defense Techniques26.7 Botnet Attacks and Applicable Defensive Techniques26.7.1 Botnet Attacks26.7.2 Fast Flux DNS26.7.3 Well-Known Trojans and Botnets26.7.4 Distributed Denial of Service (DDoS) Attacks26.7.5 Botnet Control26.7.6 Botnet Defensive Methods That Use Intelligence and a Reputation-Based Filter26.8 Concluding RemarksReferencesChapter 26 Problems
27.1 Virtualization Overview27.2 The Virtualization Architecture27.2.1 The Computer Hardware/Software Interface27.2.2 The Process Virtual Machine (VM) and System Virtual Machine (VM)27.2.3 The Virtual Machine Monitor27.2.4 Instruction Set Architecture (ISA) Emulation27.2.5 Security Domain Isolation27.3 Virtual Machine Monitor (VMM) Architecture Options27.3.1 Hosted Virtualization27.3.2 The Hypervisor27.3.3 Hosted Virtualization-vs.-Hypervisor27.4 CPU Virtualization Techniques27.4.1 Privileges Resident in the x86 Architecture27.4.2 CPU Virtualization27.4.3 Full Virtualization with Binary Translation27.4.4 Para-virtualization27.4.5 Hardware-Assisted Virtualization27.5 Memory Virtualization27.6 I/O Virtualization27.6.1 The Input Output Virtual Machine (IOVM) Model27.6.2 Intel Virtualization Technology for Directed I/O27.7 Server Virtualization27.7.1 Microsoft’s Hyper-V27.7.2 Xen Virtualization27.7.3 VMware’s ESX Server Architecture27.7.4 A Comparison of Xen with VMware27.7.5 The Virtual Appliance27.8 Virtual Networking27.8.1 Segmentation in Virtual Networking27.8.1.1 The VPN27.8.1.2 The Overlay Network27.8.2 Isolation/Segmentation in the Network Virtualization Environment27.8.3 Virtual Switches27.8.4 The VMware VirtualCenter27.8.5 Virtual Machine Migration27.8.6 VPN Routing and Forwarding (VRFs) Tables27.8.6.1 VRFs27.8.6.2 VRF Lite Traffic Routing with Segmentation27.8.7 Unified Access and Centralized Services27.9 Data Center Virtualization27.9.1 A Virtualized Data Center Architecture27.9.2 Storage Area Networks (SANs) Virtualization27.9.3 Fiber Channel (FC) and Fiber Channel over Ethernet (FCoE)27.9.3.1 Fiber Channel27.9.3.2 Fiber Channel over Ethernet (FCoE)27.9.4 The Converged Network Adapter (CNA)27.9.5 The Cisco Unified Computing System (UCS)27.10 Cloud Computing27.11 Concluding RemarksReferencesChapter 27 Problems
28.1 Unified Communications (UC)/Unified Messaging (UM)28.2 Internet Protocol Telephony and Public Service Telephone Network Integration28.2.1 The Media Gateway28.2.2 The Media Gateway Controller (MGC)28.2.3 The Media Gateway Control Protocol Standards28.2.4 Integrated Services28.3 Implementations of Unified Communications28.3.1 The All-in-One Box28.3.2 The Microsoft Exchange Server28.4 The Session Initiation Protocol (SIP)28.4.1 SIP Overview28.4.2 The SIP Standards Groups28.4.3 SIP Services28.4.4 SIP Addressing28.5 The SIP Distributed Architecture28.5.1 The User Agent (UA)28.5.2 Locating a SIP Server28.5.3 The SIP Registrar28.5.4 Setting Up A Call28.6 Intelligence in Unified Communications28.7 The Media in a Session Initiation Protocol Session28.7.1 Quality of Service (QoS) Constraints28.7.2 The Multimedia Protocol Stack28.7.3 A Protocol Comparison (SIP vs. H.323)28.8 The Real-Time Protocol (RTP) and Its Packet Format28.8.1 The RTP Header28.8.2 The Payload Type and Sequence Number28.8.3 The Timestamp28.9 The Real-Time Control Protocol (RTCP) and Quality of Service (QoS)28.9.1 The Purpose of RTCP28.9.2 RTCP Packets28.9.3 The RTCP Extended Report Packet Format28.9.4 Audio/Video Conferencing28.10 Integrated Services in the Internet28.10.1 The Resource ReSerVation Protocol (RSVP)28.10.2 RSVP’s Role in Voice/Video Communication28.10.3 The RSVP Flow Descriptor28.10.4 RSVP Protocol Mechanisms28.11 The Real-Time Streaming Protocol (RTSP)28.11.1 The Use of RTSP for Streaming Multimedia Control28.11.2 RTSP Functions28.11.3 A RTSP Session28.12 Unified Communication/Unified Messaging Security28.12.1 The National Institute of Standards and Technology (NIST)’s SP 800-5828.12.2 The International Telecommunications Union’s H.323 Security Standard: H.32528.12.3 Session Initiation Protocol (SIP) Security28.13 Concluding RemarksReferencesChapter 28 Problems

Overview

If a network is not secure, how valuable is it? Introduction to Computer Networks and Cybersecurity takes an integrated approach to networking and cybersecurity, highlighting the interconnections so that you quickly understand the complex design issues in modern networks. This full-color book uses a wealth of examples and illustrations to effective