Internet and Network Security Introduction to Network Security

Jan 16, 2016

  • Internet and Network Security: Introduction to Network Security

  • Internet and Network Security
    What you should be able to do:
    - Describe the types of security attacks
    - Identify the scope of the security problems
    - Identify the need for establishing a security policy
    - Identify the need to establish a required point of access for security purposes

  • Overview
    - Internet overview
    - Describe the types of security attacks
    - Identify the scope of the security problems
    - Identify the need for establishing a security policy
    - Identify the need to establish a single point of access for security purposes

  • What is the Internet?
    - 50 million plus users
    - E-mail
    - Usenet
    - WWW
    - Info super-highway
    - E-commerce
    - Collection of networks

  • How the Internet is Funded in the US
    - Internet Service Provider (local)
    - National Service Provider
    - Educational or Research Networks
    - Regional or State Networks
    - Commercial Backbone Networks
    - Network Access Points

  • Internet Security
    - Prevents unauthorized network access to resources
    - Authorizes own personnel to use the Internet
    - Increasing use of cryptography to ensure:
        - Privacy
        - Authentication
        - Integrity
    - Complements system security

  • Types of Attacks
    - Intrusion
        - Gaining access
        - Using the system
    - Denial of service
        - Preventing the use of resources
        - Sabotage
        - Flooding a service or system
    - Information theft
        - Sniffing

  • The Magnitude of Security Problems
    US Government:
    - The US DOD experienced 260,000 computer system attacks last year. In nearly two-thirds of the cases, attackers gained entry to the agency's computer networks, according to a report by the Rand Corp. (IEEE Computer, July 1996)
    Private industry, according to a survey of 1,320 companies by Information Week/Ernst & Young (Information Week, October 21, 1996):
    - 78% lost money from security breaches
    - 63% suffered losses from viruses
    - 32% lost money from inside hackers
    - 73% have no more than three people on security

  • Don't Forget
    - 80% of break-ins are with passwords
    - Poor system configuration
    - File system protection
    - Physical security
    - Internal security
    - Tapes, floppies
    - Modem access

  • Security Policy
    - Set of rules
    - What is the proper use of resources
    - Follows from the organizational needs
    - Determines firewall design
    - Management should issue a security policy
    - Get RFC 1244, Site Security Handbook

  • Providing Controlled Access Point
    Diagram: Corporate IP Network | Firewall | Internet

  • TCP/IP Protocols Overview
    What this section is about:
    - This section reviews the TCP/IP protocol headers and their exposure in terms of security
    What you should be able to do:
    - Describe the following concepts in relation to security:
        - Layering
        - Physical layer
        - IP layer
        - IP routing
        - ICMP

  • TCP/IP Protocols and Layers

    Layer                          | Protocols
    Applications                   | Applications
    Transport                      | TCP/UDP
    Internet                       | IP, ICMP, ARP/RARP
    Network Interface and Hardware | Network Interface and Hardware

  • Layering Example: TFTP
    In each layer the payload contains a header and the payload of the layer above. The TFTP data contains, for example, 400 bytes of file data. The application protocol adds a TFTP header, which is 4 bytes large. TFTP uses UDP, so a UDP header is added. A UDP header is 8 bytes large. The IP header adds another 20 bytes. Finally, an Ethernet header and trailer are added. Those are 14 and 4 bytes large. If an IP packet arrives whose length is smaller than the combined length of all higher headers, the packet is of no use. If this happens as a result of some malicious intent, this is called the tiny fragment attack.

    Ethernet header | IP header | UDP | TFTP | File data | Ethernet trailer

  • IP Header

    Version | Length | Type of Service | Total Length
    Identification | Flags | Fragment Offset
    TTL | Protocol | Header Checksum
    Source IP Address
    Destination Address
    Options

  • IP Options
    - Intended for special handling above and beyond typical situations
    - Many options are obsolete
    - Field is typically empty
    - The source routing option lets the sender specify the route instead of the routers
        - Theory: useful in a broken routing environment
        - Practice: used by hackers to circumvent security measures
    - Recommendation: drop packets with IP options set
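The drop recommendation above, together with the length check implied by the TFTP layering slide, written as a small packet inspector. This is an added example, not part of the original slides; the function names, the sample addresses and the test packets are constructed for illustration.

```python
import struct

MIN_L4_HEADER = {6: 20, 17: 8}          # TCP and UDP minimum header sizes
SOURCE_ROUTE = {131: "loose source route", 137: "strict source route"}

def build_ipv4(proto, payload, options=b""):
    """Constructed test packet: IPv4 header (checksum 0) + options + payload."""
    options += b"\x00" * (-len(options) % 4)     # pad to 32-bit words
    ihl = 5 + len(options) // 4
    total = ihl * 4 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0x1234, 0,
                         64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + payload

def describe_options(opts):
    """Name the options in the option area, highlighting source routing."""
    names, i = [], 0
    while i < len(opts) and opts[i] != 0:        # 0 = end of option list
        if opts[i] == 1:                         # 1 = no-operation, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            names.append("malformed option")
            break
        names.append(SOURCE_ROUTE.get(opts[i], f"option {opts[i]}"))
        i += opts[i + 1]
    return ", ".join(names) or "padding only"

def inspect(packet):
    """Return (verdict, reason) for one raw IPv4 packet."""
    if len(packet) < 20:
        return "drop", "shorter than a minimal IP header"
    ver_ihl, _, total, _, frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total < ihl or total > len(packet):
        return "drop", "malformed header"
    if ihl > 20:
        return "drop", "IP options present: " + describe_options(packet[20:ihl])
    # Only the first fragment (offset 0) is expected to carry the transport header.
    if (frag & 0x1FFF) == 0 and total - ihl < MIN_L4_HEADER.get(proto, 0):
        return "drop", "too short for its transport header"
    return "accept", "ok"

# The slide's TFTP datagram: 400 data + 4 TFTP + 8 UDP + 20 IP = 432 bytes.
TFTP_PACKET = build_ipv4(17, bytes(8) + bytes(4) + bytes(400))
```
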

  • IP Addresses

    Class | First byte      | Leading bits | Layout
    A     | Less than 128   | 0            | Network, Host
    B     | From 128 to 191 | 10           | Network, Host
    C     | From 192 to 223 | 110          | Network, Host

  • Fragmentation
    - DF = don't fragment
    - MF = more fragments
    - Accommodates dissimilar networks
    - Fragment as you go
    - Copy IP header, ID, and compute new (relative) offset
    - Reassembly is done at the destination system using:
        - Source address
        - ID
        - Offset; the last fragment has MF=0
    - The preceding process is CPU intensive
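Reassembly at the destination, keyed on source address and ID as listed above, with fragments placed by offset and completion signalled by MF=0. This is an added example, not part of the original slides; the class and function names are constructed, and the reassembly key follows the slide rather than a full IP stack. Overlapping or duplicate fragments are rejected instead of merged.

```python
from collections import defaultdict

class Reassembler:
    """Collects fragments per (source address, ID) and rebuilds the datagram."""

    def __init__(self):
        self.pending = defaultdict(list)   # (src, ident) -> [(offset_bytes, mf, data)]

    def add(self, src, ident, offset_units, mf, data):
        """Feed one fragment; return the full payload once complete, else None.
        Raises ValueError on misaligned, overlapping or duplicate fragments."""
        if mf and len(data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        frags = self.pending[(src, ident)]
        frags.append((offset_units * 8, mf, data))   # offset field counts 8-byte units
        frags.sort(key=lambda f: f[0])
        expected, out = 0, []
        for off, more, chunk in frags:
            if off < expected:
                del self.pending[(src, ident)]
                raise ValueError("overlapping fragments")
            if off > expected:
                return None                # gap: still waiting for a fragment
            out.append(chunk)
            expected = off + len(chunk)
            if not more:                   # MF=0 marks the last fragment
                del self.pending[(src, ident)]
                return b"".join(out)
        return None

def fragment(payload, max_data):
    """Split payload into (offset_units, mf, data) tuples, as a router would."""
    step = max_data - max_data % 8         # non-final pieces must be 8-byte aligned
    pieces = [payload[i:i + step] for i in range(0, len(payload), step)]
    return [(i * step // 8, i < len(pieces) - 1, p) for i, p in enumerate(pieces)]
```
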

  • IP Forwarding
    - Routers manage internal routing tables
    - Each datagram is inspected by the router for its destination address
    - The router searches its database to determine which interface to forward the datagram to

  • IP Forwarding Principles
    - Each packet is forwarded separately
    - Many hops: from router to router
    - Router forwards IP packet to next hop
        - Based on routing table
    - Packets may be fragmented
        - Reassembly done by destination host
    - Router overload: packet is dropped
    - TTL (Time to Live) field avoids infinite loops (decreased at each hop)

  • Routing Protocols
    - Every router knows the optimal path through the network
    - This is used to compute the routing table
    - Routing protocols distribute routing information
        - RIP (Routing Information Protocol)
        - OSPF (Open Shortest Path First)
    - Risk: your router is sent false routing information
    - Don't allow any routing protocol through the firewall
    - Firewall uses static routing

  • ICMP Messages (Internet Control Message Protocol)
    - Network error messages do not make IP more reliable
    - Essential when diagnosing network problems
    - Each message includes a type field and a related code field
    - Threat: bogus ICMP messages or broadcast storms when something is wrong

  • ICMP Messages

    Message type:
    - 0 Echo reply
    - 3 Dest unreachable
    - 4 Source quench
    - 5 Redirect
    - 6 Echo
    - 9 Router advertisement
    - 10 Router solicitation
    - 11 Time exceeded
    - 12 Parameter problem
    - 13 Timestamp
    - 15 Information request
    - 16 Information reply

    Message type 3 code:
    - 0 Net unreachable
    - 1 Host unreachable
    - 2 Protocol unreachable
    - 3 Fragment needed and DF set
    - 5 Source route failed

  • Port Multiplexing

    Named 53 | Telnet 23 | Sendmail 25 | Httpd 80
    UDP | TCP
    IP
    Data link
    Physical

  • Socket Interface
    - Socket interface to TCP/IP
    - Socket system call
        - Create, bind to address
        - Use file descriptor, such as read, write, close
    - TCP connection
        - Local host, local port
        - Remote host, remote port

  • TCP Reliable Connection
    - Detection of lost data, or data received twice
    - Retransmissions of lost IP packets
    - Sequence number in TCP header
        - Each byte is numbered and acknowledged
        - ACK (sequence number) in every packet except the first
    - Flow control
        - Window size
        - Number of permitted outstanding (non-acknowledged) bytes

  • Client/Server Applications with TCP
    - Server (daemon) listens on a socket (port)
    - Client connects to that port
    - TCP three-way handshake
        - SYN
        - SYN, ACK
        - ACK
    - Establishes a connection
    - Bi-directional connection
    - Parties can read/write from/to socket

  • Name Services (DNS)
    - www.company.com > 123.45.67.89
    - telnet host.company.com
    - mail [email protected] based: vulnerable
    - Exposed internal configuration