EE579S Computer Security
EE579T
Network Security
2: Networks and Protocols
Prof. Richard A. Stanley
Spring 2001
© 2000, 2001, Richard A. Stanley
WPI
EE579T/2 #1
Course Web Page Works!
• Outside WPI:
ece.wpi.edu/www/httpdocs/courses/ee579t
• From inside WPI network:
\\ece-www\www\courses\ee579t
• Slides will be posted to the page before
class, barring any unfortunate problems
EE579T/2 #2
Overview of Tonight’s Class
• Review last week’s lesson
• Look at network security in the news
• Networks and protocols
EE579T/2 #3
Last Week...
• Computer security is the bedrock on which
network security rests
• Policy is essential: if you don’t know where
you are going, you can’t get there
• This is a hard problem, lacking many
formal proofs as its foundation
• Absolute security does not exist!
EE579T/2 #4
Once more...
• Computer security deals with making a
single computer secure
– We’ll talk about what “secure” means later
– This has been the focus of most formal research
• Network security deals with securing a
group of interconnected computers
– Which is what nearly all computers now are
– Critically important issue
EE579T/2 #5
Network Security Last Week-1
• Travelocity.com exposes tens of thousands
of customer records on their web server
• Vandalized web pages up to 5,800 in 2000,
vs. 3,800 in 1999.
– Growing sophistication of attacks
– Leave-behind code creates zombies on call
• OpenHack III
EE579T/2 #6
Network Security Last Week- 2
• Hacktivism: teenager part of worldwide
attempt to “take down the Internet”
• Numerous web site defacement attacks
– President of Bulgaria
– Coordinated attacks on government sites in
U.S., U.K., Australia
• New version of the Melissa virus attacks
Macs, needs new fix
EE579T/2 #7
Network Security Last Week- 3
• Experienced systems administrator puts
newest server on-line.
– Three days later, server taken over by intruder
– Reason: failure to keep patches current
• “Mafiaboy” pleads guilty to conducting
DoS attacks against eBay, Yahoo, Amazon,
Dell, others
• Microsoft web sites inaccessible
EE579T/2 #8
Networks
• A network is an interconnected group of
communicating devices.
• Two primary network types
– Circuit-switched (connection oriented)
– Packet-switched (usually connectionless; X.25 and ATM are packet
networks that nevertheless set up virtual circuits)
• Span
– WAN, MAN, LAN
– So what?
EE579T/2 #9
Star Topology
EE579T/2 #10
Bus Topology
EE579T/2 #11
Ring Topology
EE579T/2 #12
Two Network Technologies
• Token ring
– Users remain silent until they receive token
– Pioneered by IBM, not widely used
• Ethernet
– Carrier-sense, multiple access/collision detect (CSMA/CD)
– Binary exponential backoff on collision sense
– This is a radio network! A shared medium on which every station
hears every frame
– Most widely used architecture today
EE579T/2 #13
Ethernet Overview
• Often defined by wiring type
– Thicknet (10Base5)
– Thinnet (10Base2)
– Twisted pair (10BaseT)
– Fiber (10BaseFL)
• Architecture (usually)
– Physical star
– Logical bus
EE579T/2 #14
Ethernet Misconceptions
• The faster the network speed, the faster I
can work
• “Just hook it up and go”
• All ethernets are created equal
• IEEE 802.3 = Ethernet
• Ethernet maps to the internet
EE579T/2 #15
CSMA/CD Throughput
[Chart: throughput vs. number of users, with the signaling speed as the
upper reference line; annotation on the curve: ~40%]
EE579T/2 #16
Ethernet Frame
EE579T/2 #17
Ethernet Addresses
• 48 bits long
• Address space managed by the IEEE
• Usually fixed in hardware at time of
manufacture
• Hardware must recognize at least its own
physical address and the network broadcast
address (all ones), and possibly multicast
and alternate addresses
• The interface can also be put in promiscuous
mode, accepting every frame on the segment;
on a shared medium that is all a sniffer needs
EE579T/2 #18
Other Network Technologies
• Fiber Distributed Data Interface (FDDI)
– Self-healing, 100 Mbps dual ring
• Synchronous Optical Network (SONET)
• Asynchronous Transfer Mode (ATM)
– Can operate at gigabit speeds; fixed-size 53-byte cells
EE579T/2 #19
The ARPANET
• Father of the Internet
• Began as an attempt to conduct research to
ensure continuity of communications after
nuclear war, so
– Connectionless
– Assured delivery
– Self-reconfiguring (sort of)
EE579T/2 #20
Internet Properties
• Universal interconnection
• Universal communications service,
platform-independent
• No mandated interconnection topology
– Connecting a new network should not mean
connection to centralized site or direct
connection to all existing networks
• Universal set of machine identifiers
EE579T/2 #21
Internet Architecture
[Diagram: Net 1 -- R -- Net 2, two networks joined by a router R]
EE579T/2 #22
Extended Internetworking
[Diagram: Net 1 -- R -- Net 2 -- R -- Net 3, three networks chained
through two routers]
EE579T/2 #23
Key Concepts
• Networks are interconnected by routers or
gateways
• Routers route a packet using the destination
network address, not the destination host
address
• All networks are equal
EE579T/2 #24
Some Terms
• TCP = transmission control protocol
• IP = internet protocol
• These protocols have become widely used
outside the formally-defined internet
• They have some serious flaws, but they
work
– Think of RS-232 as an analogy
EE579T/2 #25
IP Addressing
EE579T/2 #26
Class Discrimination
• Address space is 32 bits long
– Therefore, at most 2^32 possible addresses (or
4,294,967,296 in decimal notation)
• Easy to extract netid from address
• There is not a one-to-one correspondence
between IP addresses and physical devices
– Consider the router
• Address with hostid=0 refers to network
EE579T/2 #27
IP Addressing Weaknesses
• If a host moves to another network, its IP
address must change
• If a network grows beyond its class size (B
or C), it must get a new address of the next
larger size
• Because routing is by IP address, the path
taken by packets to a multiple-addressed
host depends on the address used
EE579T/2 #28
IP Address Presentation
• Usually done in dotted decimal, e.g.,
10000000 00001010 00000010 00011110
is usually written as
128.10.2.30
• What class of network address is this?
EE579T/2 #29
Address Limits
Class   Lowest Address   Highest Address
A       1.0.0.0          126.0.0.0
B       128.0.0.0        191.255.0.0
C       192.0.1.0        223.255.255.0
D       224.0.0.0        239.255.255.255
E       240.0.0.0        247.255.255.255
(Network addresses, host bits zero; netid 0 and 127 are reserved,
so the lowest class A network is 1.0.0.0.)
EE579T/2 #30
Special Purpose Addresses
• 0.0.0.0: addresses the current host (this host)
• 255.255.255.255: addresses all hosts on the
current network (limited broadcast)
• Host bits all zero: identifies a network
• Host bits all one: addresses all hosts on the
addressed network (directed broadcast)
• Network bits all zero: addresses a specific host
on the current network
• A router should not forward directed broadcasts
arriving from outside; RFC 2644 made dropping
them the default
EE579T/2 #31
Reserved Addresses
• First octet = 127 is used for loopback
– Traffic doesn’t leave the computer
– Routed to the IP input queue
– Usually see 127.0.0.1
• Private (unregistered) addresses, RFC 1918;
never routed on the public Internet
– Class A: 10.0.0.0 thru 10.255.255.255
– Class B: 172.16.0.0 thru 172.31.255.255
– Class C: 192.168.0.0 thru 192.168.255.255
EE579T/2 #32
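As an added example (it is not part of the lecture slides), the following Python applies the classful rules from the preceding slides: it classifies a dotted-decimal address by its leading bits, splits it into netid and hostid, derives the network address (host bits zero) and directed broadcast (host bits one), and flags the loopback network and the RFC 1918 private blocks. The addresses it is run on are constructed sample inputs; the class-to-prefix table and the private ranges are the only facts it relies on.

```python
# Classful IPv4 address analysis. Added example; not from the lecture slides.
# Assumption: the classful rules as taught above (class by leading bits,
# fixed 8/16/24-bit netids for A/B/C) and the RFC 1918 private ranges.


def to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer; rejects malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or int(p) > 255:
            raise ValueError(f"bad octet {p!r} in {addr!r}")
        value = (value << 8) | int(p)
    return value


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(n: int) -> str:
    """Class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    top = n >> 28
    if top & 0b1000 == 0:
        return "A"
    if top & 0b1100 == 0b1000:
        return "B"
    if top & 0b1110 == 0b1100:
        return "C"
    if top == 0b1110:
        return "D"
    return "E"


NETID_BITS = {"A": 8, "B": 16, "C": 24}   # classes D and E carry no netid/hostid split
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]  # RFC 1918


def prefix_mask(bits: int) -> int:
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def in_block(n: int, base: str, bits: int) -> bool:
    return (n & prefix_mask(bits)) == (to_int(base) & prefix_mask(bits))


def analyze(addr: str) -> dict:
    """Return what the classful rules say about one address."""
    n = to_int(addr)
    cls = address_class(n)
    info = {
        "address": addr,
        "class": cls,
        "loopback": (n >> 24) == 127,
        "private": any(in_block(n, base, bits) for base, bits in PRIVATE_BLOCKS),
    }
    if cls in NETID_BITS:
        mask = prefix_mask(NETID_BITS[cls])
        host_mask = ~mask & 0xFFFFFFFF
        netid, hostid = n & mask, n & host_mask
        info.update({
            "netid": to_dotted(netid),
            "hostid": hostid,
            "network_address": to_dotted(netid),                  # host bits all zero
            "directed_broadcast": to_dotted(netid | host_mask),   # host bits all one
            "is_network_address": hostid == 0,
            "is_broadcast": hostid == host_mask,
        })
    return info


if __name__ == "__main__":
    # constructed sample inputs, including the slide's 128.10.2.30
    for sample in ("128.10.2.30", "10.1.2.3", "172.31.0.1",
                   "192.168.5.255", "127.0.0.1", "224.0.0.1"):
        print(analyze(sample))
```

Run against the slide's own example, 128.10.2.30 comes back as class B with netid 128.10.0.0, hostid 542 and directed broadcast 128.10.255.255. Note that the check is purely syntactic: an address being "private" says nothing about where a packet carrying it really came from, which is why border filters drop RFC 1918 sources rather than trusting them.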
Ports and Sockets
• Ports are associated with services, e.g.,
– Port 53 is usually the domain name service
(DNS)
– Port 80 is usually the hypertext transfer
protocol service
• A socket is the combination of an IP address
and a port, e.g. 192.168.2.45:80
EE579T/2 #33
Address Registration
• Internet Assigned Numbers Authority
(IANA) has ultimate control, sets policy
• Internet Network Information Center
(INTERNIC) provides addresses to
organizations that have joined the internet
• Only essential to register addresses that
appear on the global network, but
registration is preferred
EE579T/2 #34
Routing
EE579T/2 #35
Protocols
• A protocol is simply an agreed-upon
exchange of information required to
perform a given task
• Networks utilize protocols to accomplish all
the important tasks they perform
• Layered protocols are common
EE579T/2 #36
How Does It All Work?
• ARP maps Internet (IP) addresses to physical
(Ethernet) addresses; replies are unauthenticated,
so any station on the segment can answer
• RARP determines IP address at startup
• IP provides connectionless datagram
delivery
• ICMP handles error and control messages
• UDP defines user datagrams
• TCP provides reliable stream transport
EE579T/2 #37
ISO Protocol Model
[Diagram: ISO layered reference model placed beside the TCP/IP layers]
EE579T/2 #38
Protocol Layering
• Refers to a protocol running on top of
another protocol
• Layered protocols are designed so that layer
n at the destination receives exactly the
same object sent by layer n at the source
EE579T/2 #39
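As an added example (not part of the slides), this Python builds a UDP datagram, wraps it in an IPv4 packet with a correctly computed header checksum, wraps that in an Ethernet frame, and then unwraps it again. That is the layering property just stated: the UDP payload that comes out of the receiving stack is the same object that went in at the sender. The corrupt_offset knob flips one bit "on the wire" to show what the IPv4 header checksum does and does not protect. Ethernet II framing, the sample MACs, addresses and ports, and leaving the UDP checksum at zero (legal in IPv4) are my assumptions, chosen so that only the IP header is covered by a checksum.

```python
# Layering demo: UDP inside IPv4 inside Ethernet, then back out, with the
# IPv4 header checksum of RFC 791/1071. Added example; not from the slides.
# Assumptions: Ethernet II framing, IPv4 without options, UDP checksum left
# at zero (permitted in IPv4) so that only the IP header is protected.
# MACs, addresses and ports below are constructed sample values.
import struct

ETH_P_IP = 0x0800
IPPROTO_UDP = 17


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    # length covers header + data; checksum 0 means "not computed"
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0,
                         ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    # the checksum is computed with its own field zeroed, then patched in
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def build_ethernet(src_mac: bytes, dst_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def parse_ethernet(frame: bytes):
    return frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0], frame[14:]


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject a header whose checksum fails."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:          # a valid header re-sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return src, dst, packet[9], packet[ihl:total_len]


def parse_udp(segment: bytes):
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return sport, dport, segment[8:length]


def send_and_receive(payload: bytes, corrupt_offset=None) -> bytes:
    """Encapsulate layer by layer, optionally flip one bit on the wire, decapsulate."""
    segment = build_udp(40000, 53, payload)
    packet = build_ipv4("192.168.2.45", "10.0.0.53", IPPROTO_UDP, segment)
    frame = build_ethernet(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),
                           ETH_P_IP, packet)
    if corrupt_offset is not None:
        wire = bytearray(frame)
        wire[corrupt_offset] ^= 0x01
        frame = bytes(wire)
    _, _, ethertype, packet = parse_ethernet(frame)
    if ethertype != ETH_P_IP:
        raise ValueError("not an IP frame")
    _, _, proto, segment = parse_ipv4(packet)
    if proto != IPPROTO_UDP:
        raise ValueError("not a UDP packet")
    return parse_udp(segment)[2]


def trial(payload: bytes, corrupt_offset=None):
    """('delivered', data) or ('rejected', reason) for one trip through the stack."""
    try:
        return "delivered", send_and_receive(payload, corrupt_offset)
    except ValueError as err:
        return "rejected", str(err)


if __name__ == "__main__":
    print(trial(b"hello"))                      # intact
    print(trial(b"hello", corrupt_offset=22))   # bit flipped in the IP TTL: rejected
    print(trial(b"hello", corrupt_offset=42))   # bit flipped in the data: delivered, corrupted
```

Offset 22 lands in the IPv4 header (the TTL byte, 14 bytes of Ethernet header plus 8), and the receiver rejects the packet; offset 42 is the first byte of the UDP payload, and the corrupted data is delivered without complaint because the IP checksum stops at the end of the header. Integrity of the data is the job of the layer above (here deliberately switched off), and of cryptographic protection when the threat is an adversary rather than line noise.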
How Protocol Layering Works
EE579T/2 #40
Protocol Layering & Internet
EE579T/2 #41
Important Boundaries
EE579T/2 #42
TCP
• Assumes little about underlying network
• Reliable delivery characteristics:
– Stream orientation
– Virtual circuit connection
– Buffered transfer
– Unstructured stream
– Full duplex connection
EE579T/2 #43
Positive Acknowledgement
EE579T/2 #44
Positive Acknowledgement
With Lost Packet
EE579T/2 #45
Sliding Window
EE579T/2 #46
Positive ACK With Sliding
Window
EE579T/2 #47
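The four preceding slides are figures. As an added example (not from the slides), the Python below simulates what they show: a sender with a window of W outstanding packets, a receiver that returns positive, cumulative acknowledgements, and a link that loses chosen packets. When a round yields no new acknowledgement the sender treats it as a timeout and goes back to the oldest unacknowledged packet. Per-packet sequence numbers (rather than TCP's byte numbers), go-back-N retransmission and modelling one round as one round-trip time are my simplifications.

```python
# Positive acknowledgement with a sliding window over a lossy link.
# Added example; not from the lecture slides.
# Assumptions: packet (not byte) sequence numbers, cumulative ACKs,
# go-back-N retransmission when a round yields no new ACK, and a channel
# that drops chosen (seq, attempt) pairs. A "round" stands in for one
# round-trip time; a timeout is "no new ACK this round", not wall-clock.


class Channel:
    """One-way unreliable link that loses the (seq, attempt) pairs in `drops`."""

    def __init__(self, drops=()):
        self.drops = set(drops)
        self.attempts = {}          # seq -> number of times transmitted

    def transmit(self, seq, data):
        attempt = self.attempts.get(seq, 0) + 1
        self.attempts[seq] = attempt
        if (seq, attempt) in self.drops:
            return None             # lost on the wire
        return seq, data


class Receiver:
    """Accepts only the next in-order packet; every arrival elicits a cumulative ACK."""

    def __init__(self):
        self.expected = 0
        self.delivered = []

    def receive(self, packet):
        if packet is None:          # nothing arrived, so nothing to ACK
            return None
        seq, data = packet
        if seq == self.expected:
            self.delivered.append(data)
            self.expected += 1
        return self.expected - 1    # "I hold everything up to and including this"


class Sender:
    def __init__(self, data, window, channel, receiver):
        self.data = list(data)
        self.window = window
        self.channel = channel
        self.receiver = receiver
        self.base = 0               # oldest unacknowledged sequence number
        self.log = []

    def run(self, max_rounds=100):
        rounds = 0
        while self.base < len(self.data) and rounds < max_rounds:
            rounds += 1
            highest_ack = self.base - 1
            # send every packet in the window [base, base + window)
            for seq in range(self.base, min(self.base + self.window, len(self.data))):
                packet = self.channel.transmit(seq, self.data[seq])
                ack = self.receiver.receive(packet)
                self.log.append(("send", seq, "lost" if packet is None else f"ack {ack}"))
                if ack is not None:
                    highest_ack = max(highest_ack, ack)
            if highest_ack >= self.base:
                self.base = highest_ack + 1              # slide the window forward
            else:
                self.log.append(("timeout", self.base))  # go back to base and resend
        return rounds


def simulate(data, window, drops=()):
    """Return (delivered string, rounds used, retransmissions, event log)."""
    channel, receiver = Channel(drops), Receiver()
    sender = Sender(data, window, channel, receiver)
    rounds = sender.run()
    retransmissions = sum(n - 1 for n in channel.attempts.values())
    return "".join(receiver.delivered), rounds, retransmissions, sender.log


if __name__ == "__main__":
    # constructed scenarios: no loss, one packet lost, the first packet lost
    for drops in ((), {(1, 1)}, {(0, 1)}):
        delivered, rounds, retrans, log = simulate("ABCDEF", window=3, drops=drops)
        print(f"drops={drops or 'none'}: delivered={delivered} "
              f"rounds={rounds} retransmissions={retrans}")
        for event in log:
            print("   ", event)
```

With a window of 3 and six packets the lossless run needs two rounds. Losing packet 1 costs one extra round and two retransmissions (packet 2 arrived but was out of order, so go-back-N resends it too); losing packet 0 produces the explicit timeout event and resends the whole window. The size of the window is what sets the trade-off between throughput and the amount of work a single loss undoes, which is why the round-trip delay of the next slides matters.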
TCP
• A communications protocol, NOT a piece of
software
• Provides
– Data format
– Data acknowledgement for reliable transfer
– How to distinguish multiple destinations
– How to set up and break down a session
• Very complex
EE579T/2 #48
Conceptual TCP Layering
EE579T/2 #49
Round Trip Delays
EE579T/2 #50
Delays: So What?
• How do you slide the window?
• How do you back off on collision detect?
• How do you respond to congestion?
• …etc.
EE579T/2 #51
Establishing TCP Session
EE579T/2 #52
Ending TCP Session
EE579T/2 #53
TCP State Machine
EE579T/2 #54
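The three slides above (establishing a session, ending it, and the state machine) are figures. As an added example, and not code from the course, the Python below implements the common path through that state machine for both ends of a connection: SYN, SYN+ACK, ACK to open, then FIN+ACK, ACK from each side to close. It keeps only the transitions needed for that path (no simultaneous open or close, no RST, no data, no retransmission); the segment layout and the fixed initial sequence numbers 1000 and 5000 are my assumptions.

```python
# TCP connection establishment and release as a state machine.
# Added example; not from the lecture slides.
# Assumptions: only the common-case transitions of the RFC 793 diagram
# (no simultaneous open or close, no RST, no data, no retransmission);
# segments carry just flags and sequence/ack numbers; the ISNs are fixed
# constructed values rather than the unpredictable ones a real stack needs.
from dataclasses import dataclass, field


@dataclass
class Segment:
    flags: frozenset        # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: int = 0


@dataclass
class Endpoint:
    name: str
    isn: int                # initial sequence number for this side
    state: str = "CLOSED"
    snd_nxt: int = 0        # next sequence number we will send
    rcv_nxt: int = 0        # next sequence number we expect from the peer
    history: list = field(default_factory=list)

    def _go(self, new_state):
        self.history.append((self.state, new_state))
        self.state = new_state

    def listen(self):                       # passive open
        self._go("LISTEN")

    def connect(self):                      # active open: send SYN
        self.snd_nxt = self.isn
        self._go("SYN_SENT")
        return Segment(frozenset({"SYN"}), seq=self.snd_nxt)

    def close(self):                        # application close: send FIN
        if self.state == "ESTABLISHED":
            self._go("FIN_WAIT_1")
        elif self.state == "CLOSE_WAIT":
            self._go("LAST_ACK")
        else:
            raise RuntimeError(f"close() in state {self.state}")
        return Segment(frozenset({"FIN", "ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)

    def _check_ack(self, seg):
        # the peer must acknowledge exactly the SYN or FIN we are waiting on
        if seg.ack != self.snd_nxt + 1:
            raise ValueError(f"{self.name}: ack {seg.ack} does not cover seq {self.snd_nxt}")

    def receive(self, seg):
        """Consume one segment and return the reply segment, or None."""
        f = seg.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1      # a SYN occupies one sequence number
            self.snd_nxt = self.isn
            self._go("SYN_RCVD")
            return Segment(frozenset({"SYN", "ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self._check_ack(seg)
            self.snd_nxt += 1
            self.rcv_nxt = seg.seq + 1
            self._go("ESTABLISHED")
            return Segment(frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN_RCVD" and f == {"ACK"}:
            self._check_ack(seg)
            self.snd_nxt += 1
            self._go("ESTABLISHED")
            return None
        if self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt = seg.seq + 1      # a FIN occupies one sequence number
            self._go("CLOSE_WAIT")
            return Segment(frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "FIN_WAIT_1" and f == {"ACK"}:
            self._check_ack(seg)
            self.snd_nxt += 1
            self._go("FIN_WAIT_2")
            return None
        if self.state == "FIN_WAIT_2" and "FIN" in f:
            self.rcv_nxt = seg.seq + 1
            self._go("TIME_WAIT")
            return Segment(frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "LAST_ACK" and f == {"ACK"}:
            self._check_ack(seg)
            self.snd_nxt += 1
            self._go("CLOSED")
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in state {self.state}")


def exchange(receiver, other, seg):
    """Deliver `seg` to `receiver`, then bounce replies back and forth until silence."""
    while seg is not None:
        seg = receiver.receive(seg)
        receiver, other = other, receiver


def run_session():
    """Three-way handshake, then an orderly client-initiated close."""
    client, server = Endpoint("client", isn=1000), Endpoint("server", isn=5000)
    server.listen()
    exchange(server, client, client.connect())      # SYN, SYN+ACK, ACK
    after_open = (client.state, server.state)
    exchange(server, client, client.close())        # client FIN+ACK, server ACK
    exchange(client, server, server.close())        # server FIN+ACK, client ACK
    return after_open, (client.state, server.state), client.history, server.history
```

run_session() leaves the client in TIME_WAIT and the server in CLOSED, and each endpoint's history lists the states it passed through. The only thing binding a reply to the connection is the _check_ack test that the peer echoed our sequence number plus one; that is why a real implementation must choose its initial sequence numbers unpredictably, a requirement this example deliberately ignores by fixing them.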
Other Network Protocols
• NetBIOS
• NetBEUI
• IPX
• X.25
• ATM
• Message: TCP/IP is not the only show in
town
EE579T/2 #55
Summary
• Networks come in two sorts: circuit-switched
and packet-switched; most computer networks
are the latter
• Sophisticated protocols are required for
network communications
• Internetworking is key to modern networks
• TCP/IP is the dominant protocol, but not the
only one
EE579T/2 #56
Homework - 1
1. What is the single greatest advantage of
having the IP checksum cover only the
datagram header and not the data? What is
the disadvantage?
2. Exactly how many class A, B, and C
networks can exist? How many hosts can a
network in each class have?
EE579T/2 #57
Homework - 2
3. How many IP addresses would be needed
to assign a unique network number to every
home in the U.S.A.? Is the address space
sufficient?
4. What is the chief difference between the IP
addressing scheme and the North American
Numbering Plan used for telephone
numbers?
EE579T/2 #58
Homework - 3
5. Complete routing tables for all routers
shown on slide 35.
6. Can you think of any security issues,
hardware or software, that arise from what
you have studied so far?
EE579T/2 #59
Assignment for Next Week
• Read course text, Chapters 4 and 5
• Next week’s topic: Topology and Firewall
Security
EE579T/2 #60