Transcript
Page 1: Internet and Network Security Introduction to Network Security

Internet and Network Security

Introduction to Network Security

Page 2:

Internet and Network Security

What you should be able to do:
- Describe the types of security attacks
- Identify the scope of the security problems
- Identify the need for establishing a security policy
- Identify the need to establish a required point of access for security purposes

Page 3:

Overview

- Internet overview
- Describe the types of security attacks
- Identify the scope of the security problems
- Identify the need for establishing a security policy
- Identify the need to establish a single point of access for security purposes

Page 4:

What is the internet?

- 50 million plus users
- E-mail
- Usenet
- WWW
- Info super-highway
- E-commerce
- A collection of networks

Page 5:

How the internet is funded in the US

- Internet Service Provider (local)
- National Service Provider
- Educational or research networks
- Regional or state networks
- Commercial backbone networks
- Network Access Points

Page 6:

Internet Security

- Prevents unauthorized network access to resources
- Authorizes the organization's own personnel to use the Internet
- Increasing use of cryptography to ensure:
  - Privacy
  - Authentication
  - Integrity
- Complements system security

Page 7:

Types of Attacks

- Intrusion: gaining access, then using the system
- Denial of service: preventing the use of resources; sabotage; flooding a service or system
- Information theft: sniffing

Page 8:

The Magnitude of Security Problems

US Government: "The US DOD experienced 260,000 computer system attacks last year. In nearly two-thirds of the cases, attackers gained entry to the agency's computer networks, according to a report by the Rand Corp." IEEE Computer, July 1996

Private industry: according to a survey of 1,320 companies by Information Week/Ernst & Young:
- 78% lost money from security breaches
- 63% suffered losses from viruses
- 32% lost money from inside hackers
- 73% have no more than three people on security
Information Week, October 21, 1996

Page 9:

Don't Forget

- 80% of break-ins are with passwords
- Poor system configuration
- File system protection
- Physical security
- Internal security
- Tapes, floppies
- Modem access

Page 10:

Security Policy

- A set of rules: what is the proper use of resources
- Follows from the organizational needs
- Determines the firewall design
- Management should issue a security policy
- Get RFC 1244, "Site Security Handbook" (since obsoleted by RFC 2196)

Page 11:

Providing a Controlled Access Point

Corporate IP Network --- Firewall --- Internet

Page 12:

TCP/IP Protocols Overview

What this section is about: this section reviews the TCP/IP protocol headers and their exposure in terms of security.

What you should be able to do: describe the following concepts in relation to security:
- Layering
- Physical layer
- IP layer
- IP routing
- ICMP

Page 13:

TCP/IP Protocols and Layers

- Applications: application protocols
- Transport: TCP/UDP
- Internet: IP, ICMP, ARP/RARP
- Network Interface and Hardware

Page 14:

Layering Example: TFTP

In each layer the payload consists of a header and the payload of the layer above. The TFTP data contains, for example, 400 bytes of file data. The application protocol adds a TFTP header, which is 4 bytes. TFTP uses UDP, so a UDP header is present; a UDP header is 8 bytes. The IP header adds another 20 bytes. Finally, an Ethernet header and trailer are added; those are 14 and 4 bytes, for 450 bytes on the wire. If an IP packet arrives whose length is smaller than the combined length of all the headers it should carry, the packet is of no use. When this is done deliberately, for instance so that the first fragment is too short to carry the transport header and a packet filter therefore cannot see the port numbers, it is called the "tiny fragment" attack (RFC 1858).

Ethernet header | IP header | UDP header | TFTP header | File data | Ethernet trailer

Page 15:

IP Header

| Version (4 bits) | Header Length (4) | Type of Service (8) | Total Length (16) |
| Identification (16) | Flags (3) | Fragment Offset (13) |
| TTL (8) | Protocol (8) | Header Checksum (16) |
| Source IP Address (32) |
| Destination IP Address (32) |
| Options (variable, padded to 32 bits) |

Page 16:

IP Options

- Intended for special handling above and beyond typical situations
- Many options are obsolete; the field is typically empty
- The source routing option lets the sender specify the route instead of the routers
  - Theory: useful in a broken routing environment
  - Practice: used by attackers to circumvent security measures (a source-routed packet can reach hosts a filter would otherwise block, and lets a spoofed source receive the replies)
- Recommendation: drop packets with any IP option set

Page 17:

IP Addresses (classful)

- Class A: leading bit 0, network 7 bits, host 24 bits; first octet less than 128
- Class B: leading bits 10, network 14 bits, host 16 bits; first octet from 128 to 191
- Class C: leading bits 110, network 21 bits, host 8 bits; first octet from 192 to 223

Classful addressing has been replaced by CIDR (RFC 1519, now RFC 4632); the first octet no longer implies the network mask.

Page 18:

Fragmentation

- DF = don't fragment, MF = more fragments (the flags field)
- Accommodates dissimilar networks (different MTUs)
- Fragment as you go: copy the IP header and ID, and compute a new (relative) fragment offset, in units of 8 bytes
- Reassembly is done at the destination system using source address, destination address, protocol and ID; fragments are placed by offset, and the last fragment has MF=0
- The reassembly process is CPU intensive
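The layering example on page 14, the header layout on page 15, the IP options recommendation on page 16 and the fragmentation slide above, worked through in code. This is an added example, not code from the slides: the addresses, the TFTP/UDP payload and the loose-source-route option bytes are constructed here, and `filter_verdict` is this example's own rendering of the two slide recommendations (it uses the RFC 1858 threshold of 8 bytes for a first fragment, which the slides do not state).

```python
"""Added example (not from the slides): build and parse IPv4 headers, fragment and
reassemble a datagram, and apply two filtering rules from the slides (drop packets
carrying IP options, drop tiny first fragments).  Every packet is constructed here."""
import socket
import struct

IP_PROTO_UDP = 17
ETH_HDR, ETH_TRAILER, UDP_HDR = 14, 4, 8   # sizes from the TFTP layering slide
TRANSPORT_MIN = 8   # RFC 1858: a first fragment shorter than this cannot hold the ports

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a header carrying a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, proto, payload, ident=1, df=False, mf=False,
               offset=0, ttl=64, options=b""):
    """Assemble a datagram; `offset` is in bytes (multiple of 8), options padded to 32 bits."""
    assert offset % 8 == 0 and len(options) % 4 == 0
    ihl = 5 + len(options) // 4
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), ident,
                      flags_frag, ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr += options
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fields of the IP header slide; raise ValueError if the header is malformed."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IP header")
    ver_ihl, _tos, total_len, ident, ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent version or length fields")
    if inet_checksum(pkt[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {"ihl": ihl, "ident": ident, "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),
            "offset": (ff & 0x1FFF) * 8, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "options": pkt[20:ihl], "payload": pkt[ihl:total_len]}

def filter_verdict(info: dict) -> str:
    """The two slide recommendations as a packet-filter rule (wording is this example's)."""
    if info["options"]:
        return "drop: IP options present"
    if info["offset"] == 0 and info["mf"] and len(info["payload"]) < TRANSPORT_MIN:
        return "drop: tiny first fragment"
    return "accept"

def fragment(pkt: bytes, mtu: int) -> list:
    """Split for a smaller MTU as a router does: copy header and ID, compute new offsets.
    Simplification: all options are copied; real stacks copy only those with the copy bit."""
    i = parse_ipv4(pkt)
    if i["df"] and len(pkt) > mtu:
        raise ValueError("DF set and datagram larger than MTU")
    step = (mtu - i["ihl"]) // 8 * 8          # data per fragment must be a multiple of 8
    frags = []
    for off in range(0, len(i["payload"]), step):
        piece = i["payload"][off:off + step]
        frags.append(build_ipv4(i["src"], i["dst"], i["proto"], piece, ident=i["ident"],
                                mf=i["mf"] or off + step < len(i["payload"]),
                                offset=i["offset"] + off, ttl=i["ttl"], options=i["options"]))
    return frags

def reassemble(frags: list) -> bytes:
    """Destination-side reassembly keyed on (src, dst, proto, ident); last fragment has MF=0."""
    infos = sorted((parse_ipv4(f) for f in frags), key=lambda i: i["offset"])
    if len({(i["src"], i["dst"], i["proto"], i["ident"]) for i in infos}) != 1:
        raise ValueError("fragments of different datagrams")
    data, expected = b"", 0
    for i in infos:
        if i["offset"] != expected:
            raise ValueError("gap or overlap at offset %d" % i["offset"])
        data += i["payload"]
        expected += len(i["payload"])
    if infos[-1]["mf"]:
        raise ValueError("final fragment (MF=0) missing")
    return data

def demo() -> dict:
    # Constructed sample: TFTP DATA block 1 with 400 bytes of file data inside UDP (checksum 0).
    tftp = struct.pack("!HH", 3, 1) + b"A" * 400
    udp = struct.pack("!HHHH", 4242, 69, UDP_HDR + len(tftp), 0) + tftp
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", IP_PROTO_UDP, udp, ident=0x1234)
    frags = fragment(pkt, mtu=256)
    tiny = build_ipv4("10.0.0.1", "10.0.0.2", IP_PROTO_UDP, udp[:4], ident=7, mf=True)
    # Loose source route: type 0x83, length 7, pointer 4, one hop, then an end-of-list pad byte.
    lsrr = build_ipv4("10.0.0.1", "10.0.0.2", IP_PROTO_UDP, udp, ident=8,
                      options=b"\x83\x07\x04" + socket.inet_aton("10.0.0.3") + b"\x00")
    return {"wire_bytes": ETH_HDR + len(pkt) + ETH_TRAILER,        # 450 bytes on the Ethernet
            "fragments": len(frags),
            "reassembled_ok": reassemble(frags) == udp,
            "verdicts": [filter_verdict(parse_ipv4(p)) for p in (pkt, frags[0], tiny, lsrr)]}

if __name__ == "__main__":
    print(demo())
```

With an MTU of 256 the 432-byte datagram becomes two fragments of 232 and 180 data bytes; the first still carries the whole UDP header, so the filter accepts it, while the hand-built 4-byte first fragment and the source-routed packet are dropped.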

Page 19:

IP Forwarding

- Routers manage internal routing tables
- Each datagram is inspected by the router for its destination address
- The router searches its database to determine on which interface to forward the datagram

Page 20:

IP Forwarding Principles

- Each packet is forwarded separately
- Many hops: from router to router
- The router forwards the IP packet to the next hop, based on the routing table
- Packets may be fragmented; reassembly is done by the destination host
- Router overload: the packet is dropped
- TTL (Time to Live) field avoids infinite loops (decremented at each hop)

Page 21:

Routing Protocols

- Every router knows the optimal path through the network; this is used to compute the routing table
- Routing protocols distribute routing information: RIP (Routing Information Protocol), OSPF (Open Shortest Path First)
- Risk: your router is sent false routing information
- Don't allow any routing protocol through the firewall
- The firewall uses static routing

Page 22:

ICMP Messages (Internet Control Message Protocol)

- Network error messages; they do not make IP more reliable
- Essential when diagnosing network problems
- Each message includes a type field and a related code field
- Threat: bogus ICMP messages, or broadcast storms when something is wrong

Page 23:

ICMP Messages

Message types:
- 0 Echo reply
- 3 Destination unreachable
- 4 Source quench
- 5 Redirect
- 8 Echo (request)
- 9 Router advertisement
- 10 Router solicitation
- 11 Time exceeded
- 12 Parameter problem
- 13 Timestamp
- 14 Timestamp reply
- 15 Information request
- 16 Information reply

Type 3 (destination unreachable) codes:
- 0 Net unreachable
- 1 Host unreachable
- 2 Protocol unreachable
- 3 Port unreachable
- 4 Fragmentation needed and DF set
- 5 Source route failed
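The ICMP message formats above, as an added example that is not code from the slides: it builds and checksums messages, rejects error messages that fail the RFC 792 requirement to quote the offending datagram's IP header plus its first 8 bytes (one cheap test for the "bogus ICMP" threat on the previous slide), and applies an inbound policy at the firewall. The allow list, the addresses and the sample messages are this example's own assumptions, not a recommendation from the slides.

```python
"""Added example (not from the slides): build, parse and checksum ICMP messages, check
that error messages quote the datagram that caused them, and apply an inbound border
policy.  The allow list below is this example's own choice."""
import struct

ECHO_REPLY, DEST_UNREACH, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST = 0, 3, 4, 5, 8
ROUTER_ADVERT, ROUTER_SOLICIT, TIME_EXCEEDED, PARAM_PROBLEM = 9, 10, 11, 12
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set",
                 5: "source route failed"}
ERROR_TYPES = {DEST_UNREACH, SOURCE_QUENCH, REDIRECT, TIME_EXCEEDED, PARAM_PROBLEM}
MIN_QUOTED = 20 + 8   # RFC 792: errors carry the original IP header plus 8 bytes of its data

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a message with a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int = 0, rest: int = 0, payload: bytes = b"") -> bytes:
    """Type, code, checksum, then the 4-byte 'rest of header' (id/seq for echo, gateway for redirect)."""
    body = struct.pack("!BBHI", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Validate length and checksum; error messages must quote the offending datagram."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if inet_checksum(msg) != 0:
        raise ValueError("checksum mismatch")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", msg[:8])
    if icmp_type in ERROR_TYPES and len(msg) - 8 < MIN_QUOTED:
        raise ValueError("error message does not quote the original datagram")
    return {"type": icmp_type, "code": code, "rest": rest, "payload": msg[8:]}

def describe(m: dict) -> str:
    if m["type"] == DEST_UNREACH:
        return "destination unreachable: " + UNREACH_CODES.get(m["code"], "code %d" % m["code"])
    names = {ECHO_REPLY: "echo reply", SOURCE_QUENCH: "source quench", REDIRECT: "redirect",
             ECHO_REQUEST: "echo request", ROUTER_ADVERT: "router advertisement",
             ROUTER_SOLICIT: "router solicitation", TIME_EXCEEDED: "time exceeded",
             PARAM_PROBLEM: "parameter problem"}
    return names.get(m["type"], "type %d" % m["type"])

# Inbound-from-Internet policy (this example's assumption): pass the replies and errors our
# own hosts need; drop messages that alter host or routing state (redirect, router
# discovery, source quench) and inbound probes (echo request).
INBOUND_ALLOW = {ECHO_REPLY, DEST_UNREACH, TIME_EXCEEDED, PARAM_PROBLEM}

def inbound_verdict(msg: bytes) -> str:
    try:
        m = parse_icmp(msg)
    except ValueError as err:
        return "drop: malformed (%s)" % err
    return ("accept: " if m["type"] in INBOUND_ALLOW else "drop: ") + describe(m)

def demo() -> dict:
    # Constructed samples.  `quoted` stands in for the IP header + 8 bytes of an offending
    # datagram; a real router copies those bytes from the packet it could not deliver.
    quoted = bytes(MIN_QUOTED)
    ping = build_icmp(ECHO_REQUEST, rest=(0x1234 << 16) | 1)                # id 0x1234, seq 1
    pong = build_icmp(ECHO_REPLY, rest=(0x1234 << 16) | 1)
    unreach = build_icmp(DEST_UNREACH, code=3, payload=quoted)               # port unreachable
    redirect = build_icmp(REDIRECT, code=1, rest=0x0A000003, payload=quoted)  # gateway 10.0.0.3
    bogus = build_icmp(TIME_EXCEEDED, code=0, payload=b"\x00" * 4)           # too short to be real
    corrupt = pong[:4] + bytes([pong[4] ^ 0x80]) + pong[5:]                  # a bit flipped in flight
    samples = [("ping", ping), ("pong", pong), ("unreach", unreach),
               ("redirect", redirect), ("bogus", bogus), ("corrupt", corrupt)]
    return {name: inbound_verdict(m) for name, m in samples}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-8s %s" % (name, verdict))
```

The quoted-datagram check is only a sanity test; a stateful firewall would additionally match the quoted header against a connection it has actually seen leave the network.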

Page 24:

Port Multiplexing

named (53)   telnet (23)   sendmail (25)   httpd (80)
UDP          TCP
IP
Data link / physical

Page 25:

Socket Interface

- Socket interface to TCP/IP: the socket system call
- Create, bind to an address
- Use it as a file descriptor: read, write, close
- A TCP connection is identified by local host, local port, remote host, remote port
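The socket calls on this slide, run end to end against a loopback echo server. This is an added example and not code from the slides: the server runs in a thread so the file is self-contained, and the port is whatever the kernel assigns to port 0.

```python
"""Added example (not from the slides): socket, bind, listen, accept, connect, send/recv
and close on a loopback connection, returning the 4-tuple that identifies it."""
import socket
import threading

def serve_one(listener: socket.socket) -> None:
    """Server side: accept one connection, echo its data upper-cased, close."""
    conn, _peer = listener.accept()        # returns once the client's 3-way handshake completed
    with conn:                             # the connected socket is a descriptor: read, write, close
        data = conn.recv(1024)
        conn.sendall(data.upper())

def demo(message: bytes = b"hello") -> dict:
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # socket system call
    listener.bind(("127.0.0.1", 0))                               # bind to an address; 0 = any free port
    listener.listen(1)                                            # the "daemon" now listens on that port
    server_addr = listener.getsockname()
    worker = threading.Thread(target=serve_one, args=(listener,))
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(server_addr)                                   # client connect: SYN, SYN/ACK, ACK
    with client:
        local = client.getsockname()                              # (localhost, localport)
        remote = client.getpeername()                             # (remotehost, remoteport)
        client.sendall(message)                                   # write
        reply = client.recv(1024)                                 # read
    worker.join()
    listener.close()
    return {"reply": reply, "local": local, "remote": remote, "server_port": server_addr[1]}

if __name__ == "__main__":
    print(demo())
```

The same four values appear in `netstat -an` while the connection exists; a packet filter that tracks connections keys its state on exactly this tuple.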

Page 26:

TCP Reliable Connection

- Detection of lost data, or data received twice
- Retransmission of lost IP packets
- Sequence number in the TCP header: each byte is numbered and acknowledged
- ACK (acknowledgement number) in every packet except the first (the initial SYN)
- Flow control: window size = number of permitted outstanding (unacknowledged) bytes

Page 27:

Client/Server Applications with TCP

- Server ("daemon") listens on a "socket" (port)
- Client connects to that port
- TCP three-way handshake:
  client -> server: SYN
  server -> client: SYN, ACK
  client -> server: ACK
- Establishes a bi-directional connection; parties can read/write from/to the socket
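The sequence-number, acknowledgement, window and retransmission mechanisms of pages 26 and 27, as an added toy model that is not code from the slides. The "network" is a Python list, segment loss is injected by the caller, and the initial sequence numbers are fixed so the run is reproducible; it models the bookkeeping only (no timers, no congestion control) and is not a TCP implementation.

```python
"""Added example (not from the slides): a toy model of the TCP handshake, byte-numbered
data, cumulative ACKs, the window limit on unacknowledged bytes, and retransmission."""

def handshake(client_isn: int, server_isn: int) -> list:
    """The three segments as dicts.  The SYN is the only segment without an ACK, and each
    SYN occupies one sequence number, which is why the ACK it earns is isn + 1."""
    syn = {"from": "client", "seq": client_isn, "ack": None, "flags": "SYN"}
    synack = {"from": "server", "seq": server_isn, "ack": client_isn + 1, "flags": "SYN,ACK"}
    ack = {"from": "client", "seq": client_isn + 1, "ack": server_isn + 1, "flags": "ACK"}
    return [syn, synack, ack]

def transfer(data: bytes, isn: int, mss: int, window: int, drop_once=()) -> dict:
    """One-way bulk transfer after the handshake.  `drop_once` lists sequence numbers whose
    first transmission the toy network loses; the sender never learns this directly, it only
    sees that its oldest unacknowledged byte (snd_una) stops advancing."""
    assert mss > 0 and window > 0
    end = isn + 1 + len(data)                 # sequence number just past the last data byte
    snd_una = snd_nxt = rcv_nxt = isn + 1     # the SYN consumed isn; data starts at isn + 1
    inflight, lost, held = {}, set(drop_once), {}
    received, pending = bytearray(), []
    stats = {"rounds": 0, "retransmits": 0, "dup_acks": 0, "max_inflight": 0}
    while snd_una < end:
        stats["rounds"] += 1
        # Sender: new segments only while unacknowledged bytes stay under the window.
        while snd_nxt < end and snd_nxt - snd_una < window:
            n = min(mss, window - (snd_nxt - snd_una), end - snd_nxt)
            inflight[snd_nxt] = data[snd_nxt - isn - 1:snd_nxt - isn - 1 + n]
            pending.append(snd_nxt)
            snd_nxt += n
        stats["max_inflight"] = max(stats["max_inflight"], snd_nxt - snd_una)
        # Network and receiver: deliver in order, dropping listed sequence numbers once.
        acks = []
        for seq in pending:
            chunk = inflight[seq]
            if seq in lost:
                lost.discard(seq)
                continue
            if seq == rcv_nxt:                # the expected byte: consume, then drain held segments
                received += chunk
                rcv_nxt += len(chunk)
                while rcv_nxt in held:
                    nxt = held.pop(rcv_nxt)
                    received += nxt
                    rcv_nxt += len(nxt)
            elif seq > rcv_nxt:
                held[seq] = chunk             # out of order: keep it, but the ACK still names rcv_nxt
            acks.append(rcv_nxt)              # every ACK is cumulative; duplicates simply re-ACK
        pending = []
        # Sender: release acknowledged bytes; no progress with data outstanding means a timeout.
        before = snd_una
        for a in acks:
            if a > snd_una:
                snd_una = a
                for s in [s for s in inflight if s + len(inflight[s]) <= a]:
                    del inflight[s]
            else:
                stats["dup_acks"] += 1
        if snd_una == before and inflight:    # retransmission timeout: resend the oldest segment
            pending.append(min(inflight))
            stats["retransmits"] += 1
    stats["received_ok"] = bytes(received) == data
    return stats

if __name__ == "__main__":
    for seg in handshake(1000, 5000):
        print(seg)
    print(transfer(b"x" * 1000, 1000, mss=200, window=600, drop_once=(1201,)))
```

With a 600-byte window and 200-byte segments, losing the segment at sequence 1201 stalls the sender at the window limit: the receiver keeps answering with ACK 1201 (duplicate ACKs), the oldest outstanding segment is resent, and the single retransmission releases all the segments the receiver had held out of order.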

Page 28:

Name Services (DNS)

- "www.company.com" -> 123.45.67.89
- telnet host.company.com
- mail [email protected]
- UDP-based: vulnerable (answers are easy to forge)
- Exposed internal configuration


Recommended