Security Policies - University of Sunderland


Packet Protocols
University of Sunderland
CSEM02
Harry R. Erwin, PhD
Resources
• Zwicky, et al., 2000, Building Internet Firewalls, 2nd edition, O’Reilly.
• Tittel, et al., 2004, CISSP Study Guide, 2nd edition, SYBEX.
OSI (Seven Layer) Model
Application (7)
Presentation (6)
Session (5)
Transport (4)
Network (3)
Data Link (2)
Physical (1)
(Encapsulation proceeds down the stack from layer 7 to layer 1; deencapsulation proceeds back up from layer 1 to layer 7.)
OSI Elements (the unit of data handled at each layer)
Application (7), Presentation (6), Session (5): Message
Transport (4): Segment
Network (3): Packet or Datagram
Data Link (2): Frame
Physical (1): Bits
What Does a Packet Look Like?
• Onion skins by layer
• At each layer, a packet consists of a header and a body.
• The header contains protocol information.
• The body is the data at that layer.
• Higher layers provide data to lower layers.
• This process is called encapsulation.
Physical Layer
• Typical standards include:
– EIA/TIA-449
– X.21
– HSSI
– SONET
– V.24
– V.35
Data Link Layer
• Typical standards include:
– SLIP
– PPP
– ARP
– RARP
– L2F
– L2TP
– PPTP
– ISDN
Data Link Protocol Elements
• Hardware source and destination addresses (MAC address in six bytes)
• Switches and bridges function at this layer.
• Transfer frames
Network Layer
• Typical standards include:
– ICMP
– RIP
– OSPF
– BGP
– IGMP
– IP
– IPSec
– IPX
– NAT
– SKIP
Network Layer Responsibilities
• Routing and delivery information (e.g., IP addresses)
• Error detection and traffic control
• Not reliable delivery
• Handled by routers
Transport Layer
• Also known as the message layer
• Responsible for reliable delivery of messages.
• Typical standards include:
– TCP
– UDP
– SPX
• Managed by handshakes
Session Layer
• Responsible for establishing, maintaining, and terminating sessions.
• Operates in simplex, half-duplex, and full-duplex control modes
• Protocols include:
– SSL
– TLS
– NFS
– SQL
– RPC
SYN/ACK Three-Way Handshake
• Used to initiate communications sessions
• Client sends a SYN packet to the server
• Server responds with a SYN/ACK packet
• Client then responds with an ACK packet.
• To close a session, use FIN, FIN/ACK, ACK
• Can you see the potential for a Denial of Service attack?
Presentation Layer
• Transforms data from/to the formats used by layers 1-5.
• Decompression
• Encryption
• Standards include:
– ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI, etc.
Applications Layer
• Protocols include:
– HTTP
– FTP
– SMTP
– TELNET
– EDI
– POP3
– IMAP
– SNMP
– NNTP
– SET
TCP/IP Model (OSI layer: corresponding TCP/IP layer)
Application (7), Presentation (6), Session (5): Process Application
Transport (4): Host-to-Host
Network (3): Internet
Data Link (2), Physical (1): Network Access
History of TCP/IP
• Prior to OSI (OSI was designed based on TCP/IP)
• The internet standard
• Network access controls physical transmission; internet, packet transmission; host-to-host, message transmission; and process application, connections.
TCP and UDP
• TCP is connection-oriented, full duplex, reliable virtual circuits. Segments are sequenced, allowing retransmission upon request.
• UDP is connectionless, best effort. No error detection or correction, no sequencing. Fast.
• Uses ports (0-65535).
• Ports 0-1023 are the service ports, providing more-or-less standard services.
• Ports 1024-65535 are allocated as needed.
TCP Guarantees
1. The destination will receive the application data in the order it was sent.
2. The destination will receive all the application data.
3. The destination will not receive duplicated data.
• TCP will drop a connection if it must violate any of these guarantees.
• All you need to do is block the first packet of the connection.
Network Layer
• IP, ICMP, IGMP, and NAT
• IP alone does not provide guaranteed packet delivery or ordering. It must be used with TCP for that.
• ICMP is used for network management and health monitoring.
• IGMP is used for multicasting.
• NAT (Network Address Translation) is used to allow private use of IP addresses without colliding with the public use. Incompatible with IPSec.
Data Link Protocols
• TELNET on port 23
• FTP on ports 20 and 21
• SMTP on port 25
• POP3 on port 110
• SNMP on port 161
• Etc.
TCP/IP/Ethernet Example
• At the Ethernet layer, you have a header and a body.
• The header contains the Ethernet (or MAC) address of the local source and local destination.
• Other protocols can be used instead of Ethernet. See RFC 1149, dated 1 April 1990, which defines the ATP.
IP Layer
• Four interesting pieces of information:
– IP source address (4 bytes)
– IP destination address (4 bytes)
– IP protocol type (type of packet)
– IP options field—usually empty. Used for break-in attempts and network debugging (very rarely).
• Header occupies six bytes, followed by the packet data. Most networks have a length limit, so IP packets can be subdivided into fragments, each with a copy of the header.
TCP Layer
• Three interesting pieces of information:
– TCP source port
– TCP destination port
– TCP flags
• SYN (set in the first and second packets of a connection)
• FIN (finish, i.e., close gracefully)
• ACK (unset only in the first packet of a connection)
• URG (urgent)
• PSH (push, i.e., flush buffer)
• RST (reset, i.e., close ungracefully, or simply ‘go away’)
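An added example, not part of the lecture slides, that pulls the IP and TCP fields singled out above out of a constructed packet and applies the "block the first packet of the connection" rule from the TCP Guarantees slide: the first packet is the only one with SYN set and ACK clear. It assumes the standard 20-byte minimum IPv4 header; the packets, addresses and the set of blocked ports are constructed here, and checksums are left at zero.

```python
import struct
from ipaddress import IPv4Address

# TCP flag bits (low byte of the 16-bit data-offset/flags field)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_PROTO = 6

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the IP fields the slides list, plus the TCP ports and flags.
    Assumes a standard IPv4 header (20 bytes minimum, IHL gives the length)."""
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    fields = {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
              "proto": proto, "ip_options": pkt[20:ihl]}   # options: usually empty
    if proto == TCP_PROTO:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
        fields.update(sport=sport, dport=dport, flags=off_flags & 0x3F)
    return fields

def flag_names(flags: int) -> list:
    """Human-readable flag list in a fixed order."""
    table = ((SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (URG, "URG"))
    return [name for bit, name in table if flags & bit]

def is_connection_start(flags: int) -> bool:
    """SYN set and ACK clear identifies the first packet of a TCP connection."""
    return bool(flags & SYN) and not (flags & ACK)

def filter_inbound(pkt: bytes, blocked_ports: set) -> str:
    """Stateless rule: drop only the connection-opening packet to a blocked port.
    Later packets of that connection cannot complete without it, so nothing else
    needs to be inspected (the point made on the TCP Guarantees slide)."""
    f = parse_ipv4_tcp(pkt)
    if f["proto"] == TCP_PROTO and f["dport"] in blocked_ports and is_connection_start(f["flags"]):
        return "DROP"
    return "ACCEPT"

def build_packet(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample packet (not captured traffic): IPv4 + TCP headers, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    syn = build_packet("203.0.113.5", "192.0.2.10", 40000, 23, SYN)          # opening packet to telnet
    synack = build_packet("192.0.2.10", "203.0.113.5", 23, 40000, SYN | ACK)  # second handshake packet
    for p in (syn, synack):
        f = parse_ipv4_tcp(p)
        print(f["src"], "->", f["dst"], "port", f["dport"], flag_names(f["flags"]), filter_inbound(p, {23}))
```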
IPv6
• The internet is running out of IP addresses.
• New version of IP to address this and other problems, including:
– Encryption
– Cryptographic authentication
– Source routing
– Dynamic configuration
• Implies packet filters will have to be smarter.