Lecture 3&4 - Computer Science and Engineering


Network Security and
Management
CS682 – Sessions 3 and 4
Prof. Katz
Public-Key Cryptography
Concept published by Diffie and Hellman
in 1976
Two keys are used: a public key for
encryption and a private key for
decryption (the roles reverse for signing)
Also usually supports digital signatures
Diffie–Hellman concepts (requirements for a public-key system)
1. It is easy for party B to generate a public and
private key pair.
2. It is easy for sender A, knowing B's public key and
a message M, to generate the corresponding
ciphertext.
3. It is easy for B, knowing his private key and the
ciphertext, to recover the plaintext.
4. It is computationally infeasible for an opponent
knowing B's public key and the ciphertext to
recover the plaintext.
5. It is computationally infeasible for an opponent
knowing B's public key (and any ciphertext) to
compute B's private key.
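The five requirements above are abstract; the following added example (not part of the lecture, and using textbook RSA rather than any scheme the lecture describes) makes each one concrete: key generation, encryption with the public key, decryption with the private key, and a signature made with the private key and checked with the public one. The primes P and Q are constructed, toy-sized values chosen only so the arithmetic runs instantly; no padding is applied, so this is a demonstration of the trapdoor, not a usable cryptosystem.

```python
import math

def keygen(p: int, q: int, e: int = 65537):
    """Requirement 1: B generates a key pair. p and q must be distinct primes; here they are
    constructed toy values, while real keys use ~1024-bit primes found with a primality test."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse: e*d == 1 (mod phi)
    return (n, e), (n, d)            # public key, private key

def encrypt(public_key, m: int) -> int:
    """Requirement 2: anyone holding B's public key can produce the ciphertext."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    """Requirement 3: B, holding d, recovers the plaintext. Without d (requirements 4 and 5)
    an opponent would have to factor n to obtain phi and hence d."""
    n, d = private_key
    return pow(c, d, n)

def sign(private_key, m: int) -> int:
    """Digital signature: the same trapdoor run the other way round, with the private key."""
    n, d = private_key
    return pow(m, d, n)

def verify(public_key, m: int, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == m

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
PUB, PRIV = keygen(P, Q)

def demo(message: bytes = b"hello"):
    """Round-trip a short message and show a signature verifying, then failing on a changed message."""
    m = int.from_bytes(message, "big")
    c = encrypt(PUB, m)
    recovered = decrypt(PRIV, c).to_bytes(len(message), "big")
    sig = sign(PRIV, m)
    return recovered, verify(PUB, m, sig), verify(PUB, m + 1, sig)
```

Real deployments never sign or encrypt the raw integer as done here: the message is hashed and padded (OAEP for encryption, PSS for signatures) precisely because unpadded RSA is malleable.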
Network Protocols
A history of IP
Originally designed for the DoD for
military purposes
Used to create the ARPANET
The ARPANET later evolved into the
Internet, at first used mainly by
educational institutions
More recently used mainly for
commercial purposes
IP Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------+-------+---------------+-------------------------------+
|Version|  IHL  |Type of Service|          Total Length         |
+-------+-------+---------------+-----+-------------------------+
|         Identification        |Flags|      Fragment Offset    |
+---------------+---------------+-----+-------------------------+
|  Time to Live |    Protocol   |         Header Checksum       |
+---------------+---------------+-------------------------------+
|                       Source Address                          |
+---------------------------------------------------------------+
|                    Destination Address                        |
+---------------------------------------------------------------+
|                    Options                    |    Padding    |
+---------------------------------------------------------------+

IP Header (minimum length 20 octets; IHL gives the header length in
32-bit words, so options are present only when IHL > 5)
User Datagram Protocol (UDP)
A simple, connectionless layer 4 protocol for
data that does not need delivery guarantees
No reliability, no confirmation of delivery, no
ordering of packets!
Very light protocol (8-byte header) which sits
directly on top of the IP layer
Used by a number of upper-layer protocols
(ULPs) including DNS, DHCP and BOOTP
Port numbers
UDP introduces the concept of port numbers
as a layer 4 address
Ports are used to indicate which layer 7
service should receive the packet and which
produced it
When a server program starts it "binds" to
the port it will use for communication (usually
a well-known port below 1024, which on Unix
only root may bind); UDP then knows that data
received for that port should be delivered to
that program
Ports (cont.)
When a client program begins
communication it can either request a
specific port or use an ephemeral port
chosen by the OS
Server ports are static, client ports are
usually dynamic
Common UDP port numbers
53 – DNS
67 – BOOTP/DHCP server
68 – BOOTP/DHCP client
69 – Trivial FTP (TFTP)
UDP Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|          Source Port          |       Destination Port        |
+-------------------------------+-------------------------------+
|            Length             |           Checksum            |
+-------------------------------+-------------------------------+
|                             Data                              |
+---------------------------------------------------------------+
Header Values
Source port – The port on the source
host which generated this message
Destination Port – The port on the
destination host which should receive
this message
Length – The length of the header plus
data in octets (8 plus the data length)
UDP Checksum
The UDP checksum is calculated across
the header and the data
The checksum is the one's complement
of the one's complement sum of the 16-bit
words in the header and data (the checksum
field itself is taken as zero while summing,
and an odd trailing byte is padded with a
zero byte)
Additionally a "pseudo-header" is included
in the sum: the 32-bit source and
destination IP addresses, a zero byte, the
8-bit protocol field (17 for UDP) and the UDP
length. This ties the datagram to the IP
addresses it was sent between.
UDP Checksum
On the receiving end all words, including
the checksum field, are added and the
result should be all ones (0xFFFF)
If the result is not all ones then an error
has occurred and the datagram is discarded
In IPv4 the UDP checksum is optional: a
zero in the field means none was computed
(a computed value of zero is sent as 0xFFFF)
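The IP header layout and the UDP checksum rules above are the kind of thing best checked by writing them out. The following added example (not from the lecture) builds a 20-byte IPv4 header and a UDP datagram, computes both checksums with one shared one's-complement routine, parses the IP fields back out, and verifies the UDP checksum the way a receiver does, pseudo-header included. The addresses, ports and payload are constructed sample values.

```python
import struct

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words with end-around carry (RFC 1071). A trailing odd byte
    is padded with a zero byte, as the UDP spec requires."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    """The transmitted value: one's complement of the one's complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF

def udp_pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Not sent on the wire: source, destination, zero byte, protocol 17, UDP length."""
    return struct.pack("!4s4sBBH", ip_to_bytes(src_ip), ip_to_bytes(dst_ip), 0, 17, udp_length)

def build_udp(src_ip, dst_ip, sport, dport, data: bytes) -> bytes:
    length = 8 + len(data)
    header = struct.pack("!HHHH", sport, dport, length, 0)   # checksum field is zero while summing
    csum = checksum(udp_pseudo_header(src_ip, dst_ip, length) + header + data)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a zero checksum means "none computed", so send all ones instead
    return struct.pack("!HHHH", sport, dport, length, csum) + data

def verify_udp(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver side: summing every word *including* the checksum must give all ones."""
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if csum == 0 or length < 8 or length > len(segment):
        return False   # no checksum present, or a length field inconsistent with the datagram
    return ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0xFFFF

def build_ipv4_header(src_ip, dst_ip, payload_len, protocol=17, ttl=64, ident=0x1234) -> bytes:
    ver_ihl = (4 << 4) | 5          # version 4, IHL = 5 words = 20 octets (no options)
    flags_frag = 0x4000             # DF set, fragment offset 0
    fields = [ver_ihl, 0, 20 + payload_len, ident, flags_frag, ttl, protocol, 0,
              ip_to_bytes(src_ip), ip_to_bytes(dst_ip)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))   # IP checksum covers the header only
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse_ipv4_header(packet: bytes) -> dict:
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, protocol,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": protocol, "checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # the sum over the IHL*4 header bytes, checksum included, must come out all ones
        "header_ok": ihl >= 20 and ones_complement_sum(packet[:ihl]) == 0xFFFF,
    }

# Constructed sample: a UDP datagram from the lecture's client host to the lecture's mail host.
SRC, DST = "128.238.2.92", "64.2.85.40"
UDP_SEGMENT = build_udp(SRC, DST, 1025, 53, b"hello")
IP_PACKET = build_ipv4_header(SRC, DST, len(UDP_SEGMENT)) + UDP_SEGMENT
```

Note what the IP checksum does and does not buy you: it covers only the header, so a router rewriting the TTL must recompute it, while corruption of the payload is caught (if at all) only by the UDP checksum, which a sender on IPv4 may legally omit.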
Transmission Control Protocol (TCP)
Provides a connection-oriented layer 4
service
Provides reliable delivery: lost segments
are retransmitted
Provides in-order delivery through
sequence numbers
TCP Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|          Source Port          |       Destination Port        |
+-------------------------------+-------------------------------+
|                        Sequence Number                        |
+---------------------------------------------------------------+
|                    Acknowledgment Number                      |
+-------+-----------+-+-+-+-+-+-+-------------------------------+
| Header|           |U|A|P|R|S|F|                               |
|  len  | Reserved  |R|C|S|S|Y|I|          Window size          |
|       |           |G|K|H|T|N|N|                               |
+-------+-----------+-+-+-+-+-+-+-------------------------------+
|           Checksum            |         Urgent Pointer        |
+-------------------------------+-------------------------------+
|                    Options                    |    Padding    |
+---------------------------------------------------------------+
|                             Data                              |
+---------------------------------------------------------------+
TCP Header (cont.)
Source and destination ports – Which
application produced the segment and which
should receive it
Sequence number – Position of the first
data byte of this segment in the byte stream,
counted from the initial sequence number
Acknowledgement number – The sequence
number of the next byte which the receiving
station expects (valid when ACK is set)
TCP Header (cont.)
URG – Urgent pointer field is significant
ACK – Acknowledgement number is valid
PSH – Push: hand the data to the application
without waiting to fill a buffer
RST – Reset the connection
SYN – Synchronize sequence numbers
(connection setup)
FIN – Final packet: the sender has no more data
TCP Connection Establishment
(the three-way handshake)
Client sends SYN (carrying its initial sequence number)
Server replies with SYN-ACK (its own initial sequence
number, acknowledging the client's)
Client replies with ACK
TCP Connection maintenance
The sequence number advances by the
number of data bytes sent (SYN and FIN
each count as one), not by one per packet
The sender may have at most one window
size of unacknowledged data outstanding;
it must receive an ACK before sending more
An ACK carries the sequence number of the
next byte the receiver expects
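The handshake and the sequence/acknowledgement bookkeeping above are easier to trust once you have watched the numbers move. The following added example (not from the lecture) packs and parses the 20-byte TCP header, then runs the three-way handshake and one data exchange between two simulated endpoints, enforcing the rules just stated: SYN consumes one sequence number, data consumes one per byte, an ACK names the next expected byte, and a sender stops when the peer's window is full. Ports, initial sequence numbers and the payload are constructed values; the checksum is left zero because it is computed over a pseudo-header exactly as for UDP and is not the point here.

```python
import struct

FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_tcp_segment(sport, dport, seq, ack, flags, window=65535, data=b""):
    """20-byte header, no options. Checksum left zero (see the lead-in)."""
    offset_reserved = 5 << 4                      # header length 5 words; reserved bits zero
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, offset_reserved, bits, window, 0, 0) + data

def parse_tcp_segment(raw: bytes) -> dict:
    sport, dport, seq, ack, off, bits, window, csum, urg = struct.unpack("!HHIIBBHHH", raw[:20])
    hlen = (off >> 4) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": [f for f, b in FLAG_BITS.items() if bits & b], "window": window,
            "options": raw[20:hlen], "data": raw[hlen:]}

def seq_consumed(flags, data: bytes) -> int:
    """Sequence space used by a segment: one per data byte, plus one each for SYN and FIN."""
    return len(data) + ("SYN" in flags) + ("FIN" in flags)

class Endpoint:
    """The counters one side keeps (names follow the RFC 793 transmission control block)."""
    def __init__(self, port, isn, window=65535):
        self.port = port
        self.snd_nxt = isn          # next sequence number we will send
        self.snd_una = isn          # oldest byte not yet acknowledged by the peer
        self.rcv_nxt = None         # next sequence number we expect from the peer
        self.peer_window = window   # how many unacknowledged bytes the peer will accept
        self.state = "CLOSED"

    def outstanding(self) -> int:
        return self.snd_nxt - self.snd_una

    def send(self, peer_port, flags, data=b"") -> bytes:
        if self.outstanding() + len(data) > self.peer_window:
            raise RuntimeError("window full: wait for an ACK before sending more")
        seg = build_tcp_segment(self.port, peer_port, self.snd_nxt, self.rcv_nxt or 0, flags, data=data)
        self.snd_nxt += seq_consumed(flags, data)
        return seg

    def receive(self, raw: bytes) -> dict:
        seg = parse_tcp_segment(raw)
        if "ACK" in seg["flags"]:
            self.snd_una = max(self.snd_una, seg["ack"])   # everything below ack is now confirmed
        self.peer_window = seg["window"]
        used = seq_consumed(seg["flags"], seg["data"])
        if "SYN" in seg["flags"]:
            self.rcv_nxt = seg["seq"] + used               # learn the peer's initial sequence number
        elif seg["seq"] != self.rcv_nxt:
            raise RuntimeError(f"out-of-order segment: got seq {seg['seq']}, expected {self.rcv_nxt}")
        else:
            self.rcv_nxt += used                           # our next ACK will name this byte
        return seg

def three_way_handshake(client_isn, server_isn):
    c, s = Endpoint(1025, client_isn), Endpoint(80, server_isn)
    syn = c.send(s.port, ["SYN"]);           c.state = "SYN_SENT"
    s.receive(syn);                          s.state = "SYN_RCVD"
    synack = s.send(c.port, ["SYN", "ACK"])
    c.receive(synack);                       c.state = "ESTABLISHED"
    ack = c.send(s.port, ["ACK"])
    s.receive(ack);                          s.state = "ESTABLISHED"
    return c, s, [parse_tcp_segment(x) for x in (syn, synack, ack)]

def send_data(sender, receiver, payload: bytes) -> int:
    """One data segment and its ACK; returns the acknowledgement number that came back."""
    receiver.receive(sender.send(receiver.port, ["ACK", "PSH"], payload))
    return sender.receive(receiver.send(sender.port, ["ACK"]))["ack"]
```

The same arithmetic is what makes blind spoofing hard: an attacker who cannot see the SYN-ACK does not know the server's initial sequence number, so the third segment of the handshake cannot be forged unless that number is predictable.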
TCP State Diagram
Fundamentals of network security
To employ good network security
requires that you know everything
about the network!
We will forfeit some usability for
security
If your recommendations are not
followed, put it in writing (CYA!)
Common Network Protocols
HTTP – Used for traffic on the World Wide
Web, usually TCP port 80
FTP – Used to transmit binary and ASCII data
files, control connection on TCP port 21
Telnet – Used to obtain a shell on a remote
system, usually TCP port 23
POP3 – Used by clients to retrieve email from
mail servers, usually TCP port 110
SMTP – Used to transfer mail between
domains/servers, usually TCP port 25
DNS – Used to resolve names, UDP port 53
(TCP port 53 for zone transfers and large
responses)
Request for Comments
Maintained by the Internet Engineering
Task Force (www.IETF.org)
Protocol designers publish documents
and release them to the Internet
community for comments and
implementation
Standards-track RFCs are accepted today as
the rules for implementing protocols
HyperText Transfer Protocol
Version 1.1 originally defined in RFC 2068
(since revised by RFC 2616 and then RFC 7230–7235)
No banner on connection establishment:
the server says nothing until a request arrives
Client sends the request line and all header
lines, each terminated by CRLF ("\r\n"), then
an empty line to mark the end of the headers
URI Specifications
Uniform Resource Identifier
Used to indicate resources available on
a network
<scheme>://<authority><path>?<query>
e.g. http://search.microsoft.com/search.asp?find=MS
HTTP OPTIONS
Asks which methods the server supports
for a resource (or for the server as a whole,
with the target "*")
HTTP GET
Request for one resource
HTTP HEAD
Returns only the header information
which would be obtained by a GET
request, without the body
Useful for determining if a document
should be downloaded or used from
cache
HTTP POST
Used to send data in the request body,
where it is not limited by URL length
Can be used for large forms or for
uploading files
HTTP PUT
Same concept as POST, but the body is
stored at the request URI, so it is used
only for uploading files
Security Problems with HTTP
Buffer overflows in servers and clients
are common
Non-anonymous users send their
username/password Base64-encoded
(Basic authentication); Base64 is an
encoding, not encryption, so anyone on
the path can read the password
Excessive client data transmitted
(User-Agent, Referer and similar headers)
Snooping possible when uploading data,
since everything is sent in cleartext
Cookies can be read or replayed by
anyone who sees the traffic
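To tie the URI layout, the CRLF-terminated request format and the Basic-authentication problem together, here is an added example (not from the lecture) that splits a URI into the parts named above, builds and parses an HTTP/1.1 request, and then does what a passive sniffer does with the Authorization header: decodes it straight back to the username and password. The credentials alice/s3cret and the host example.test are constructed; the URI is the one on the slide.

```python
import base64
from urllib.parse import urlsplit

def split_uri(uri: str) -> dict:
    """<scheme>://<authority><path>?<query>, the form on the slide."""
    p = urlsplit(uri)
    return {"scheme": p.scheme, "authority": p.netloc, "path": p.path, "query": p.query}

def build_request(method: str, uri: str, headers=None, body: bytes = b"") -> bytes:
    """An HTTP/1.1 request: request line, header lines, empty line, optional body.
    Every line ends in CRLF; the empty line is what tells the server the headers are over."""
    p = urlsplit(uri)
    target = (p.path or "/") + (("?" + p.query) if p.query else "")
    hdrs = {"Host": p.netloc, **(headers or {})}
    if body or method in ("POST", "PUT"):
        hdrs["Content-Length"] = str(len(body))   # a body must be framed, or the server waits forever
    head = "\r\n".join([f"{method} {target} HTTP/1.1"] + [f"{k}: {v}" for k, v in hdrs.items()])
    return head.encode("ascii") + b"\r\n\r\n" + body

def parse_request(raw: bytes) -> dict:
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}

def basic_auth_value(user: str, password: str) -> str:
    """What a browser puts in the Authorization header for Basic authentication."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

def credentials_from_sniffed_request(raw: bytes):
    """What anyone on the path sees: Base64 is an encoding, so the password comes straight back."""
    auth = parse_request(raw)["headers"].get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode("utf-8", "replace").partition(":")
    return user, password

# Constructed sample: the slide's example URI, requested with Basic credentials over port 80.
SAMPLE_REQUEST = build_request("GET", "http://search.microsoft.com/search.asp?find=MS",
                               {"Authorization": basic_auth_value("alice", "s3cret")})
```

The decoder is three lines, which is the whole point: Basic authentication is only as confidential as the transport underneath it.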
FTP
Defined in RFC 959
FTP control connections are established
on TCP port 21
USER is followed by a username and
CRLF, and PASS followed by a password
and CRLF
FTP Standard (active) Data
Connections
Client sets up a listener on a port of its
choosing and tells the server its address
and port with the PORT command; the
server connects to that port (from port 20)
and "dumps" the file
FTP PASV Data Connections
Client indicates with the PASV command that
passive mode data transfer should occur
Client selects the file which should be
transferred
Server creates a listener and tells the
client its address and port in the 227
reply; the client connects to it, and once
the connection is established the server
"dumps" the file
Security Problems with FTP
Buffer overflows
Security credentials are sent in cleartext
Opens dynamic ports which firewalls must
allow through (or must open by inspecting
the PORT/PASV exchange on the control
connection)
Data is sent in cleartext
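The dynamic-port problem comes down to one encoding: both the PORT command and the 227 reply carry an address and port as h1,h2,h3,h4,p1,p2. The following added example (not from the lecture) decodes and encodes that form and then classifies control-channel lines the way an inspecting firewall or a hardened server must: in active mode the server is about to connect out to whatever the client named, so the address must be the client itself and the port unprivileged (anything else is the classic FTP bounce); in passive mode the client is about to connect to whatever the server named, so it must be the server itself. The sample lines, and the host 10.0.0.5 in them, are constructed.

```python
import re

_HOST_PORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_host_port(text: str):
    """Decode the h1,h2,h3,h4,p1,p2 form used by the PORT command and the 227 PASV reply."""
    m = _HOST_PORT.search(text)
    if not m:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {text!r}")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def encode_host_port(ip: str, port: int) -> str:
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def data_connection(control_peer: str, control_server: str, line: str):
    """Classify one control-channel line and say whether a firewall or hardened server should
    let the resulting data connection happen. Returns None for lines that set up no transfer."""
    if line.upper().startswith("PORT "):                        # active: server will call the client
        ip, port = decode_host_port(line)
        reasons = []
        if ip != control_peer:
            reasons.append("PORT names a third host (FTP bounce)")
        if port < 1024:
            reasons.append("PORT names a privileged port")
        return {"mode": "active", "connector": control_server, "listener": (ip, port),
                "allowed": not reasons, "reasons": reasons}
    if line.startswith("227 "):                                  # passive: client will call the server
        ip, port = decode_host_port(line)
        reasons = []
        if ip != control_server:
            reasons.append("227 redirects the client to a third host")
        if port < 1024:
            reasons.append("227 names a privileged port")
        return {"mode": "passive", "connector": control_peer, "listener": (ip, port),
                "allowed": not reasons, "reasons": reasons}
    return None

# Constructed control-channel lines between the lecture's client host and its server.
CLIENT, SERVER = "128.238.2.92", "64.2.85.40"
SAMPLE_LINES = [
    "PORT 128,238,2,92,4,1",                          # client listens on 1025: fine
    "227 Entering Passive Mode (64,2,85,40,195,80)",  # server listens on 50000: fine
    "PORT 10,0,0,5,0,25",                             # asks the server to connect to 10.0.0.5:25
    "RETR notes.txt",
]

def audit(lines=SAMPLE_LINES):
    """Run the classifier over a control-channel transcript; only transfer setups are returned."""
    return [r for r in (data_connection(CLIENT, SERVER, l) for l in lines) if r]
```

A stateful firewall that opens data ports by reading the control channel is doing exactly this decode; if the control connection is encrypted (FTP over TLS) it cannot, which is why passive mode with a fixed server-side port range is the usual compromise.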
Telnet
User connects to the server port (TCP 23) and
the server displays a welcome banner (usually
/etc/issue.net) then requests a login
Client responds to the server's login request
with a valid username/password
A shell is started with its STDIN, STDOUT and
STDERR mapped to the client's terminal
Security Problems with Telnet
All data (including username/password)
is sent in cleartext
Buffer overflows and root attacks
possible
Post Office Protocol version 3
Defined in RFC 1725 (since revised by RFC 1939)
Used to download mail from a server for
local reading when direct file access is
not available or advisable
Very popular on the Internet, for years
the main way clients fetched email
Operation of POP3
User establishes a connection to the server port (usually
110/tcp)
Server greets user
User issues the USER command with a username
Server always responds with "+OK", so USER alone does not
reveal whether the name exists
User issues the PASS command with the password
Server will attempt to authenticate the user
If successful "+OK" is returned otherwise "-ERR"
Transaction state commands
STAT – See the total number of messages and bytes
UIDL (#) – Obtain the Unique ID Listing for one/all messages in the
mailbox
RETR # – Retrieve one message
DELE # – Mark one message for deletion
LIST (#) – Show the size of one/all message(s)
RSET – Mark all messages as undeleted
TOP M# N# – Return the headers and the first N# lines of the body of message M#
Normal POP3 session
Implementing POP3
When the user is authenticated, open
the mailbox and parse the messages in
it into memory
Read in each command and respond
appropriately
When QUIT is received, write the messages
not marked for deletion back to the mailbox
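The three implementation steps above, together with the command list, are enough to write a working server core. The following added example (not from the lecture) is one: it keeps the AUTHORIZATION/TRANSACTION/UPDATE states, answers USER with "+OK" unconditionally as the slide says, loads the mailbox into memory on a successful PASS, serves STAT, LIST, UIDL, RETR, TOP, DELE and RSET against that copy, and only on QUIT writes the surviving messages back. The user table, passwords and messages are constructed sample data; a real server compares against stored hashes and speaks over a socket, which is left out.

```python
import hashlib

class Pop3Session:
    """One client's POP3 session, following the slide's design: authenticate, load the mailbox
    into memory, serve transaction commands, write the mailbox back on QUIT."""

    def __init__(self, users: dict, mailboxes: dict):
        self.users = users            # constructed: {username: password}; a real server stores hashes
        self.mailboxes = mailboxes    # constructed persistent store: {username: [message text, ...]}
        self.state, self.user = "AUTHORIZATION", None
        self.msgs, self.deleted = [], set()

    def greeting(self) -> str:
        return "+OK POP3 server ready"

    def handle(self, line: str) -> str:
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "QUIT":
            return self._quit()
        if self.state == "AUTHORIZATION":
            return self._authorize(cmd, arg)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, arg)
        return "-ERR session closed"

    def _authorize(self, cmd, arg):
        if cmd == "USER":
            self.user = arg
            return "+OK"                      # always +OK: USER alone must not confirm a name
        if cmd == "PASS":
            if self.user and self.users.get(self.user) == arg:   # the password arrived in cleartext
                self.msgs = list(self.mailboxes.get(self.user, []))
                self.state = "TRANSACTION"
                return "+OK mailbox locked and ready"
            self.user = None
            return "-ERR authentication failed"
        return "-ERR command not valid before authentication"

    def _live(self):
        """(number, text) for every message not marked for deletion; numbers are 1-based."""
        return [(i + 1, m) for i, m in enumerate(self.msgs) if i + 1 not in self.deleted]

    def _num(self, arg):
        """Parse a message number; None if absent, malformed, out of range or already deleted."""
        n = int(arg) if arg.isdigit() else 0
        return n if 1 <= n <= len(self.msgs) and n not in self.deleted else None

    def _transaction(self, cmd, arg):
        live = self._live()
        if cmd == "STAT":
            return f"+OK {len(live)} {sum(len(m) for _, m in live)}"
        if cmd == "LIST":
            if arg:
                n = self._num(arg)
                return f"+OK {n} {len(self.msgs[n - 1])}" if n else "-ERR no such message"
            return "\r\n".join([f"+OK {len(live)} messages"] + [f"{n} {len(m)}" for n, m in live] + ["."])
        if cmd == "UIDL":
            def uid(m):                       # stable per message content, as UIDL requires
                return hashlib.sha256(m.encode()).hexdigest()[:16]
            if arg:
                n = self._num(arg)
                return f"+OK {n} {uid(self.msgs[n - 1])}" if n else "-ERR no such message"
            return "\r\n".join(["+OK"] + [f"{n} {uid(m)}" for n, m in live] + ["."])
        if cmd == "RETR":
            n = self._num(arg)
            return f"+OK {len(self.msgs[n - 1])} octets\r\n{self.msgs[n - 1]}\r\n." if n else "-ERR no such message"
        if cmd == "TOP":
            parts = arg.split()
            n = self._num(parts[0]) if len(parts) == 2 and parts[1].isdigit() else None
            if not n:
                return "-ERR usage: TOP msg lines"
            header, _, body = self.msgs[n - 1].partition("\r\n\r\n")
            first = body.split("\r\n")[: int(parts[1])]           # headers plus the first N body lines
            return "+OK\r\n" + header + "\r\n\r\n" + "\r\n".join(first) + "\r\n."
        if cmd == "DELE":
            n = self._num(arg)
            if not n:
                return "-ERR no such message"
            self.deleted.add(n)                                    # only marked; nothing is removed yet
            return f"+OK message {n} deleted"
        if cmd == "RSET":
            self.deleted.clear()
            return "+OK"
        if cmd == "NOOP":
            return "+OK"
        return "-ERR unknown command"

    def _quit(self):
        if self.state == "TRANSACTION":                            # UPDATE state: deletions happen here
            self.mailboxes[self.user] = [m for _, m in self._live()]
        self.state = "CLOSED"
        return "+OK bye"
```

Two behaviours worth noticing: a dropped connection before QUIT leaves the mailbox untouched, which is what the RFC wants, and the only place the password is ever compared is a cleartext string comparison, which is exactly the exposure the next slide lists.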
Problems with POP3
Authentication information is sent in
cleartext (POP3 also supports APOP, an
MD5 challenge-response login, but it is not
commonly used)
Messages are sent in cleartext
Buffer overflows
Root level attacks
Simple Mail Transfer Protocol
Defined in RFC 821 (since revised by RFC 2821 and RFC 5321)
Used for transmitting mail between
servers and domains
THE definitive solution for inter-domain
mail transfer on the Internet
Operation of SMTP
Remote server connects to the local machine,
local machine greets
Remote machine introduces itself
Remote machine indicates who message is
from
Remote machine indicates one or more
recipients
Remote machine transmits data of the
message
Commands
HELO or EHLO – Command for the remote
machine to introduce itself to the local machine
(EHLO asks for the ESMTP extensions)
MAIL FROM:<w@x> – Indicates the sender of
the message
RCPT TO:<y@z> – Indicates a recipient of
the message (repeated once per recipient)
DATA – Indicates the start of the message
transfer (concluded with a CRLF.CRLF sequence)
Problems with SMTP
Buffer Overflows are common
Messages are sent in cleartext (by
default)
Normal SMTP session
duke% telnet login.dataixl.com 25
Trying 64.2.85.40...
Connected to unix.dataixl.com.
Escape character is '^]'.
220 unix.dataixl.com ESMTP Sendmail 8.11.0/8.11.0; Wed, 14 Feb 2001 16:42:33 -0500
HELO duke.poly.edu
250 unix.dataixl.com Hello [email protected] [128.238.2.92], pleased to meet you
MAIL FROM:<[email protected]>
250 2.1.0 <[email protected]>... Sender ok
RCPT TO:<[email protected]>
250 2.1.5 <[email protected]>... Recipient ok
RCPT TO:<[email protected]>
250 2.1.5 <[email protected]>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: Hello
This is just a hello message
.
250 2.0.0 f1ELgoO22093 Message accepted for delivery
QUIT
221 2.0.0 unix.dataixl.com closing connection
Connection closed by foreign host.
The Domain Name System
Defined in RFC 1034 and RFC 1035
Designed to resolve names into
addresses (and addresses back into names)
Designed to be a distributed system
Different types of records for different
purposes
Types of Records
A – a host (IPv4) address
NS – the authoritative name server for a zone
SOA – Start Of Authority (serial number and timers for the zone)
MX – Mail Exchanger (with a preference value)
HINFO – Hardware/OS info (rarely published today, since it
tells an attacker what to aim at)
CNAME – Canonical name for an alias
Operation of DNS
1. User types www.microsoft.com into the Web browser
2. Client requests the address of www.microsoft.com (A) from the local DNS server
3. Local DNS checks its cache; if the address is known it is immediately returned to the
client, otherwise local DNS asks a root server for the name servers (NS) of microsoft.com
4. Root server responds to local DNS with the address of the microsoft.com DNS server
(in practice the root refers it to the .com servers, which in turn refer it to microsoft.com)
5. Local DNS contacts the microsoft.com DNS server to resolve www.microsoft.com (A)
6. Microsoft.com DNS responds to local DNS with the address of www.microsoft.com (A)
7. Local DNS caches the answer and responds to the client with the address of
www.microsoft.com (A)
8. Client initiates a TCP session to the IP address associated with www.microsoft.com (A)
Authority
When you "own" a domain name, you
are responsible for maintaining at least
one authoritative name server (registries
normally require two)
This server NEVER answers from a cache
and is the authority for queries to your
domain
If this server goes down, so does your
domain, once the answers cached elsewhere
expire
Authoritative domain file

@           IN  SOA   dan.spacelab.net. dkatz.dan.spacelab.net. (
                        2001010801  ; serial number
                        86400       ; refresh: 24 hours
                        3600        ; retry: 1 hour
                        432000      ; expire: 5 days
                        86400 )     ; minimum: 1 day
            IN  A     64.2.85.40
            IN  NS    unix
            IN  MX    0 unix
localhost   IN  A     127.0.0.1
unix        IN  A     64.2.85.40
            IN  HINFO P100/48MB/4.0GB LINUX
www         IN  CNAME unix
ftp         IN  CNAME unix
login       IN  CNAME unix
irc         IN  CNAME unix
nt          IN  A     209.14.148.179
            IN  HINFO K62-400/128MB/4.0GB WIN95
me          IN  CNAME nt
www2        IN  A     209.14.148.180
            IN  HINFO 2xP90/100MB/4.0GB WINNT

"@" stands for the zone origin (spacelab.net.); a record with a blank
owner field belongs to the same owner as the record above it; names
without a trailing dot are relative to the origin. The SOA "minimum"
field (86400 seconds is one day) is used today as the negative-caching
TTL (RFC 2308).
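The eight resolution steps, the "authority never answers from a cache" rule and the zone file above can be exercised together in a small simulation. The following added example (not from the lecture) models a root server that hands out referrals, an authoritative server for spacelab.net that answers only from its zone data, and a caching local resolver that walks the referral, chases CNAMEs to their canonical name and serves repeat queries from cache. The zone data is the slide's file with relative names made absolute; that the root delegates straight to spacelab.net (rather than via the .net servers) is a simplification mirroring the slide, and the delegation and glue entries are constructed accordingly.

```python
class AuthoritativeServer:
    """Answers only from its zone data (never from a cache), as the slide's 'Authority' says."""
    def __init__(self, zone: str, records: dict):
        self.zone, self.records = zone, records

    def query(self, name: str, rtype: str):
        """Returns (answers, cname_target). A name that only has a CNAME yields the alias target."""
        if (name, rtype) in self.records:
            return list(self.records[(name, rtype)]), None
        if (name, "CNAME") in self.records:
            return [], self.records[(name, "CNAME")][0]
        return [], None                      # NXDOMAIN or NODATA: nothing to answer

class RootServer:
    """Knows which name servers are authoritative for each delegated zone, plus glue addresses."""
    def __init__(self, delegations: dict, glue: dict):
        self.delegations, self.glue = delegations, glue

    def referral(self, name: str):
        for zone in sorted(self.delegations, key=len, reverse=True):   # longest match wins
            if name == zone or name.endswith("." + zone):
                return zone, [(ns, self.glue[ns]) for ns in self.delegations[zone]]
        return None, []

class LocalResolver:
    """The recursive, caching resolver the client talks to (steps 2 to 7 on the slide)."""
    def __init__(self, root: RootServer, servers: dict):
        self.root, self.servers = root, servers    # servers: {ip: AuthoritativeServer}
        self.cache, self.trace = {}, []

    def resolve(self, name: str, rtype: str = "A", depth: int = 0):
        key = (name, rtype)
        if key in self.cache:                                   # step 3: answer from cache
            self.trace.append(f"cache hit for {name} {rtype}")
            return list(self.cache[key])
        zone, nameservers = self.root.referral(name)            # steps 3/4: ask the root who is authoritative
        if not nameservers:
            self.trace.append(f"root has no delegation covering {name}")
            return []
        ns_name, ns_ip = nameservers[0]
        self.trace.append(f"root referred {name} to {ns_name} ({ns_ip}) for {zone}")
        answers, cname = self.servers[ns_ip].query(name, rtype)   # steps 5/6: ask the authority
        if cname is not None and depth < 8:                      # chase the alias to its canonical name
            self.trace.append(f"{name} is an alias for {cname}")
            answers = self.resolve(cname, rtype, depth + 1)
        self.cache[key] = list(answers)                           # step 7: cache, then answer the client
        return answers

# Constructed data: the slide's spacelab.net zone, with relative names made absolute.
ZONE = {
    ("spacelab.net.", "A"): ["64.2.85.40"],
    ("spacelab.net.", "NS"): ["unix.spacelab.net."],
    ("spacelab.net.", "MX"): ["0 unix.spacelab.net."],
    ("localhost.spacelab.net.", "A"): ["127.0.0.1"],
    ("unix.spacelab.net.", "A"): ["64.2.85.40"],
    ("www.spacelab.net.", "CNAME"): ["unix.spacelab.net."],
    ("ftp.spacelab.net.", "CNAME"): ["unix.spacelab.net."],
    ("login.spacelab.net.", "CNAME"): ["unix.spacelab.net."],
    ("nt.spacelab.net.", "A"): ["209.14.148.179"],
    ("me.spacelab.net.", "CNAME"): ["nt.spacelab.net."],
    ("www2.spacelab.net.", "A"): ["209.14.148.180"],
}
# Constructed delegation and glue: the root points straight at the zone's own name server.
ROOT = RootServer({"spacelab.net.": ["unix.spacelab.net."]}, {"unix.spacelab.net.": "64.2.85.40"})
RESOLVER = LocalResolver(ROOT, {"64.2.85.40": AuthoritativeServer("spacelab.net.", ZONE)})
```

The trace list shows why the cache matters for the "if this server goes down, so does your domain" point: a second query for the same name never touches the root or the authority, and the domain only appears dead once those cached entries expire.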
Diagnostic Tools
(use with discretion: the same queries are
reconnaissance when an outsider runs them)
dig
nslookup
whois (available at www.networksolutions.com)