#7. Telecommunications and Networking Security
Security System 1 - 07

May 30, 2018

akungbgl4475
Page 1: Security System 1 - 07

8/14/2019 Security System 1 - 07

http://slidepdf.com/reader/full/security-system-1-07 1/15

#7. Telecommunications and Networking Security

AGENDA

Working with Protocols and Services

Working with Protocols and Services

The following sections will discuss in more detail how TCP/IP hosts communicate with each other. We will discuss the concepts of ports, handshakes, and application interfaces. The objective isn’t to make you an expert on this subject, but to help you understand what you’re dealing with when attempting to secure a TCP/IP network.

Well-Known Ports

Simply stated, ports identify how a communication process occurs. Ports are special addresses that allow communication between hosts. A port number is added by the originator, indicating which port to communicate with on a server. If a server has this port defined and available for use, it will send back a message accepting the request. If the port isn’t valid, the server will refuse the connection. The Internet Assigned Numbers Authority (IANA) has defined a list of ports called well-known ports.

A port is nothing more than a bit of additional information added to either the TCP or UDP message. This information is added in the header of the packet. The layer below it encapsulates the message with its header.

Many of the services you’ll use in the normal course of utilizing the Internet use the TCP port numbers identified in Table 2.1. Table 2.2 identifies some of the more common, well-known UDP ports.

The early documentation for these ports specified that ports below 1024 were restricted to administrative uses. However, enforcement of this restriction has been voluntary and is creating problems for computer security professionals. As you can see, each of these ports potentially requires different security considerations, depending on the application they’re assigned for. All the ports allow access to your network; even if you establish a firewall, you must have these ports open if you want to provide e-mail or web services.

TCP Three-Way Handshake

TCP, which is a connection-oriented protocol, establishes a session using a three-way handshake. A host called a client originates this connection. The client sends a TCP segment, or message, to the server. This client segment includes an Initial Sequence Number (ISN) for the connection and a window size. The server responds with a TCP segment that contains its ISN and a value indicating its buffer, or window size. The client then sends back an acknowledgment of the server’s sequence number.
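
The header fields and the handshake described above, as an added example that is not part of the original slides: it packs the three segments as 20-byte TCP headers (ports, sequence number, acknowledgment, flags, window) and checks that they are consistent with each other. The function names, port 49152, and the ISN and window values are constructed for illustration.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10  # TCP flag bits
HDR = "!HHIIHHHH"   # ports, seq, ack, offset+flags, window, checksum, urgent
MOD = 1 << 32       # sequence numbers wrap at 2**32

def build_header(src_port, dst_port, seq, ack, flags, window):
    """Pack a 20-byte TCP header (no options; checksum left at 0)."""
    return struct.pack(HDR, src_port, dst_port, seq % MOD, ack % MOD,
                       (5 << 12) | flags, window, 0, 0)

def parse_header(raw):
    """Unpack the fields the slides mention: ports, ISN/ack, flags, window."""
    sport, dport, seq, ack, off_flags, window, _, _ = struct.unpack(HDR, raw[:20])
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window}

def handshake(client_port, server_port, client_isn, server_isn,
              client_win=64240, server_win=65535):
    """Return the three raw headers: SYN, SYN-ACK, ACK (constructed values)."""
    return [
        build_header(client_port, server_port, client_isn, 0, SYN, client_win),
        build_header(server_port, client_port, server_isn, client_isn + 1,
                     SYN | ACK, server_win),
        build_header(client_port, server_port, client_isn + 1, server_isn + 1,
                     ACK, client_win),
    ]

def is_valid_handshake(raw_segments):
    """True if three headers form a consistent three-way handshake."""
    if len(raw_segments) != 3:
        return False
    syn, synack, ack = (parse_header(r) for r in raw_segments)
    return (
        syn["flags"] == SYN and synack["flags"] == SYN | ACK and ack["flags"] == ACK
        # the server answers from the port the client addressed
        and (synack["src_port"], synack["dst_port"]) == (syn["dst_port"], syn["src_port"])
        and (ack["src_port"], ack["dst_port"]) == (syn["src_port"], syn["dst_port"])
        # each side acknowledges the other's ISN + 1, modulo 2**32
        and synack["ack"] == (syn["seq"] + 1) % MOD
        and ack["seq"] == (syn["seq"] + 1) % MOD
        and ack["ack"] == (synack["seq"] + 1) % MOD
    )

if __name__ == "__main__":
    # Constructed sample: client port 49152 opening a session to web port 80.
    for raw in handshake(49152, 80, client_isn=1000, server_isn=5000):
        print(parse_header(raw))
```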

A web request uses the TCP connection process to establish the connection between the client and the server. After this occurs, the two systems communicate with each other; the server uses TCP port 80. The same thing occurs when an e-mail connection is made, with the difference being that the client (assuming it’s using POP3) uses port 110.

Application Programming Interface

Interfacing to TCP/IP is much simpler than interfacing to earlier network models. A well-defined and well-established set of Application Programming Interfaces (APIs) is available from most software companies. APIs allow programmers to create interfaces to the protocol.

When a programmer needs to create a web-enabled application, they can call or use one of these APIs to make the connection, send or receive data, and end the connection. The APIs are prewritten, and they make the job considerably easier than manually coding all of the connection information.

Microsoft uses an API called a Windows socket (WinSock) to interface to the protocol. It can access either TCP or UDP protocols to accomplish the needed task. Figure 2.10 illustrates how the Windows socket connects to the TCP/IP protocol suite.
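
The connect, send/receive and close sequence described above, as an added example that is not part of the original slides. It uses Python's standard socket module (on Windows it is built on WinSock) against a loopback listener, and also shows a closed port refusing the connection, as in the well-known ports section; the function names are hypothetical and the listener uses an OS-assigned port.

```python
import socket
import threading

def start_echo_server(host="127.0.0.1"):
    """Listen on an OS-chosen TCP port and echo back one message."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))            # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _addr = srv.accept() # handshake is completed by the OS
        with conn:
            conn.sendall(b"echo:" + conn.recv(1024))
        srv.close()                # port stops listening after one client

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return port, worker

def request(host, port, payload, timeout=2.0):
    """Make the connection, send data, receive the reply, end the connection."""
    with socket.create_connection((host, port), timeout=timeout) as client:
        client.sendall(payload)
        return client.recv(1024)

def probe(host, port, timeout=2.0):
    """Report whether a host accepts or refuses a TCP connection on a port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"           # no service is defined on that port
    except OSError:
        return "no-answer"         # timed out or unreachable (e.g. filtered)

if __name__ == "__main__":
    port, worker = start_echo_server()
    print(request("127.0.0.1", port, b"hello"))
    worker.join(2)
    print(probe("127.0.0.1", port))  # listener has closed, so this is refused
```

Running `probe` against your own hosts is a quick way to confirm that only the ports you intend to offer are accepting connections.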
