Author: rudolf-lewis
Internet and Network Security
Introduction to Network Security

Internet and Network Security
What you should be able to do:
- Describe the types of security attacks
- Identify the scope of the security problems
- Identify the need for establishing a security policy
- Identify the need to establish a required point of access for security purposes

Overview
- Internet overview
- Describe the types of security attacks
- Identify the scope of the security problems
- Identify the need for establishing a security policy
- Identify the need to establish a single point of access for security purposes

What is the internet?
- 50 million plus users
- e-mail
- Usenet
- WWW
- Info super-highway
- e-commerce
- Collection of networks

How the internet is Funded in the US
- Internet Services Provider (local)
- National Service Provider
- Educational or Research Networks
- Regional or State Networks
- Commercial Backbone Networks
- Network Access Points
Internet Security
- Prevents unauthorized network access to resources
- Authorizes own personnel to use the Internet
- Increasing use of cryptography to ensure:
  - Privacy
  - Authentication
  - Integrity
- Complements system security

Types of Attacks
- Intrusion
  - Gaining access
  - Using the system
- Denial of Service
  - Preventing the use of resources
  - Sabotage
  - Flooding a service or system
- Information theft
  - Sniffing

The Magnitude of Security Problems
US Government
- The US DOD experienced 260,000 computer system attacks last year. In nearly two-thirds of the cases, attackers gained entry to the agency's computer networks, according to a report by the Rand Corp. (IEEE Computer, July 1996)
Private Industry
- According to a survey of 1,320 companies by Information Week/Ernst & Young:
  - 78% lost money from security breaches
  - 63% suffered losses from viruses
  - 32% lost money from inside hackers
  - 73% have no more than three people on security
  (Information Week, October 21, 1996)

Don't Forget
- 80% of break-ins are with passwords
- Poor system configuration
- File system protection
- Physical security
- Internal security
- Tapes, floppies
- Modem access

Security Policy
- Set of rules
- What is the proper use of resources
- Follows from the organizational needs
- Determines firewall design
- Management should issue a security policy
- Get RFC 1244, Site Security Handbook
Providing Controlled Access Point
Corporate IP network -- Firewall -- Internet

TCP/IP Protocols Overview
What this section is about:
This section reviews the TCP/IP protocol headers and their exposure in terms of security.
What you should be able to do:
Describe the following concepts in relation to security:
- Layering
- Physical layer
- IP layer
- IP routing
- ICMP

TCP/IP Protocols and Layers
Layer                           Protocols
Applications                    Applications
Transport                       TCP/UDP
Internet                        IP, ICMP, ARP/RARP
Network Interface and Hardware  Network Interface and Hardware
Layering Example: TFTP
In each layer the payload contains a header and the payload of the layer above. The TFTP data contains, for example, 400 bytes of file data. The application protocol adds a TFTP header, which is 4 bytes large. TFTP uses UDP, so a UDP header is present; a UDP header is 8 bytes large. The IP header adds another 20 bytes. Finally, an Ethernet header and trailer are added; those are 14 and 4 bytes large. If an IP packet arrives whose length is smaller than the combined length of all higher-layer headers, the packet is of no use. If this happens as a result of malicious intent, it is called the tiny fragment attack.

Ethernet header | IP header | UDP | TFTP | File data | Ethernet trailer
IP Header
Version | Length | Type of Service | Total Length
Identification | Flags | Fragment Offset
TTL | Protocol | Header Checksum
Source IP Address
Destination Address
Options

IP Options
- Intended for special handling above and beyond typical situations
- Many options obsolete
- Field is typically empty
- Source routing option specifies the route instead of the routers
  - Theory: useful in a broken routing environment
  - Practice: used by hackers to circumvent security measures
- Recommendation: drop packets with an IP option set
IP Addresses
Class  First octet    Format (leading bits | Network | Host)
A      less than 128  0 | Network | Host
B      128 to 191     10 | Network | Host
C      192 to 223     110 | Network | Host

Fragmentation
- DF = don't fragment
- MF = more fragments
- Accommodates dissimilar networks
- Fragment as you go: copy the IP header and ID, and compute the new (relative) offset
- Reassembly is done at the destination system using source address, ID and offset; the last fragment has MF=0
- The preceding process is CPU intensive
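As an added illustration of the TFTP layering slide (tiny fragments), the IP options recommendation and the fragmentation slide above, not taken from the deck: a small Python model of the IPv4 header. The function names, the constructed sample packets (checksum left at zero) and the rule "any header longer than 20 bytes counts as IP options set" are my assumptions.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"                      # fixed 20-byte IPv4 header (RFC 791)
FLAG_MF, FLAG_DF, UDP_HEADER_LEN = 0x1, 0x2, 8  # more fragments, don't fragment, min transport header

def build_ipv4(src, dst, ident, flags, offset, proto, payload, options=b""):
    """Constructed IPv4 packet; offset in bytes (multiple of 8), checksum left 0."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack(IPV4_FMT, (4 << 4) | ihl, 0, ihl * 4 + len(payload), ident,
                      (flags << 13) | (offset // 8), 64, proto, 0, src, dst)
    return hdr + options + payload

def parse_ipv4(pkt):
    f = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = f[0] & 0x0F
    return {"ihl": ihl, "id": f[3], "flags": f[4] >> 13, "offset": (f[4] & 0x1FFF) * 8,
            "proto": f[6], "src": f[8], "dst": f[9], "payload": pkt[ihl * 4:f[2]]}

def filter_verdict(pkt):
    """Deck's rules: drop IP options; drop a first fragment too short to hold the transport header."""
    h = parse_ipv4(pkt)
    if h["ihl"] > 5:
        return "drop: IP options present"
    if h["offset"] == 0 and h["flags"] & FLAG_MF and len(h["payload"]) < UDP_HEADER_LEN:
        return "drop: tiny first fragment"
    return "accept"

def fragment(pkt, mtu):
    """Fragment as you go: copy header fields and ID, new offset, MF on all but the last piece."""
    h = parse_ipv4(pkt)
    if h["flags"] & FLAG_DF and len(pkt) > mtu:
        raise ValueError("DF set and packet exceeds MTU: must be dropped, not fragmented")
    step, data = (mtu - 20) // 8 * 8, h["payload"]   # payload per piece, multiple of 8
    return [build_ipv4(h["src"], h["dst"], h["id"], 0 if off + step >= len(data) else FLAG_MF,
                       off, h["proto"], data[off:off + step])
            for off in range(0, len(data), step)]

def reassemble(frags):
    """Destination reassembly: same (source, ID); done only when the MF=0 piece is in and no gap remains."""
    hs = [parse_ipv4(fr) for fr in frags]
    assert len({(h["src"], h["id"]) for h in hs}) == 1, "fragments from different datagrams"
    pieces = {h["offset"]: h["payload"] for h in hs}
    last = [h["offset"] + len(h["payload"]) for h in hs if not h["flags"] & FLAG_MF]
    buf = b""
    while last and len(buf) < last[0]:
        if len(buf) not in pieces:
            return None                       # gap: a fragment is still outstanding
        buf += pieces[len(buf)]
    return buf if last else None              # None also when the MF=0 piece never arrived
```

Fragments may arrive in any order; reassembly only completes once the MF=0 piece and every byte before it are present, which is why a receiver has to buffer state and why the slide calls the process CPU intensive.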
IP Forwarding
- Routers manage internal routing tables
- Each datagram is inspected by the router for its destination address
- The router searches its database to determine which interface to forward the datagram to

IP Forwarding Principles
- Each packet is forwarded separately
- Many hops: from router to router
- Router forwards the IP packet to the next hop based on the routing table
- Packets may be fragmented; reassembly is done by the destination host
- Router overload: packet is dropped
- TTL (Time to Live) field avoids infinite loops (decreased at each hop)

Routing Protocols
- Every router knows the optimal path through the network
- This is used to compute the routing table
- Routing protocols distribute routing information
  - RIP (Routing Information Protocol)
  - OSPF (Open Shortest Path First)
- Risk: your router is sent false routing information
- Don't allow any routing protocol through the firewall
- Firewall uses static routing

ICMP Messages (Internet Control Message Protocol)
- Network error messages do not make IP more reliable
- Essential when diagnosing network problems
- Each message includes a type field and a related code field
- Threat: bogus ICMP messages, or broadcast storms when something is wrong

ICMP Messages
Message type                  Message type 3 code
0   Echo reply                0  Net unreachable
3   Destination unreachable   1  Host unreachable
4   Source quench             2  Protocol unreachable
5   Redirect                  3  Fragment needed and DF set
6   Echo                      5  Source route failed
9   Router advertisement
10  Router solicitation
11  Time exceeded
12  Parameter problem
13  Timestamp
15  Information request
16  Information reply
Port Multiplexing
named 53 | telnet 23 | sendmail 25 | httpd 80
UDP | TCP
IP
Data link
Physical

Socket Interface
- Socket interface to TCP/IP
- Socket system calls: create, bind to address
- Use file descriptor calls such as read, write, close

TCP Connection
- Local host, local port
- Remote host, remote port

TCP Reliable Connection
- Detection of lost data, or data received twice
- Retransmission of lost IP packets
- Sequence number in TCP header: each byte is numbered and acknowledged
- ACK (sequence number) in every packet except the first
- Flow control: window size is the number of permitted outstanding (unacknowledged) bytes

Client/Server Applications with TCP
- Server (daemon) listens on a socket (port)
- Client connects to that port
- TCP three-way handshake: SYN, SYN/ACK, ACK
- Establishes a connection
- Bi-directional connection
- Parties can read/write from/to the socket

Name Services (DNS)
- www.company.com > 123.45.67.89
- telnet host.company.com
- mail [email protected]
- UDP based: vulnerable
- Exposed internal configuration