sec overview
Internet and Network Security
Introduction to Network Security
What you should be able to do
Describe the types of security attacks
Identify the scope of the security problems
Identify the need for establishing a security policy
Identify the need to establish a required point of access for security purposes
Overview
Internet overview
Describe the types of security attacks
Identify the scope of the security problems
Identify the need for establishing a security policy
Identify the need to establish a single point of access for security purposes
What is the Internet?
50 Million Plus users
e-mail
Usenet
WWW
Info super-highway
e-commerce
Collection of networks
How the Internet is Funded in the US
Internet Services Provider (local)
National Service Provider
Educational or Research Networks
Regional or State Networks
Commercial Backbone Networks
Network Access Points
Internet Security
Prevents unauthorized network access to resources
Authorizes own personnel to use the Internet
Increasing use of cryptography to ensure:
- Privacy
- Authentication
- Integrity
Complements system security
Types of Attacks
Intrusion
Gaining Access
Using the System
Denial of Service
Preventing the use of resources
Sabotage
Flooding a service or system
Information theft
Sniffing
The Magnitude of Security Problems
US Government
“The US DOD experienced 260,000 computer system attacks last year. In nearly two-thirds of the cases, attackers gained entry to the agency’s computer networks, according to a report by the Rand Corp.” IEEE Computer July 1996
Private Industry
- According to a survey of 1,320 companies by Information Week/Ernst & Young:
78% lost money from security breaches
63% suffered losses from viruses
32% lost money from inside hackers
73% have no more than three people on security
Information Week, October 21, 1996
Don’t Forget
80% of break-ins are with passwords
Poor System Configuration
File system protection
Physical security
Internal Security
Tapes, Floppies
Modem Access
Security Policy
Set of Rules
What is the proper use of resources
Follows from the organizational needs
Determines firewall design
Management should issue a security policy
Get RFC 1244 “Site Security Handbook”
Providing Controlled Access Point
[Diagram: corporate IP network, connected through a firewall to the Internet]
TCP/IP Protocols Overview
What this section is about
This section reviews the TCP/IP protocol headers and their exposure in terms of security
What you should be able to do
Describe the following concepts in relation to security
Layering
Physical Layer
IP Layer
IP routing
ICMP
TCP/IP Protocols and Layers
[Diagram of the TCP/IP layers]
Applications layer: application protocols
Transport layer: TCP/UDP
Internet layer: IP, ICMP, ARP/RARP
Network Interface and Hardware layer
Layering Example: TFTP
In each layer the payload contains a header and the payload of the layer above. In the TFTP example, the application data is 400 bytes of file data. The application protocol adds a TFTP header of 4 bytes. TFTP runs over UDP, so a UDP header of 8 bytes is present. The IP header adds another 20 bytes. Finally, an Ethernet header and trailer are added, 14 and 4 bytes respectively. If an IP packet arrives whose length is smaller than the combined length of all higher-layer headers, the packet is of no use. If this happens as a result of malicious intent, it is called the “tiny fragment” attack.
[Diagram: file data wrapped in TFTP header, UDP header, IP header, Ethernet header and Ethernet trailer]
IP Header
Version | Header Length | Type of Service | Total Length
Identification | Flags | Fragment Offset
TTL | Protocol | Header Checksum
Source IP Address
Destination Address
Options
IP Options
Intended for special handling above and beyond typical situations
Many options obsolete
Field is typically empty
Source routing option specifies route instead of routers
- Theory: useful in broken routing environment
- Practice: used by hackers to circumvent security measures
Recommendation: drop packets with IP option set
IP Addresses
Class A (first octet less than 128): leading bit 0 | Network | Host
Class B (first octet from 128 to 191): leading bits 10 | Network | Host
Class C (first octet from 192 to 223): leading bits 110 | Network | Host
Fragmentation
DF = don’t fragment
MF = more fragments
Accommodates dissimilar networks
Fragment as you go
Copy IP header, ID, and compute new (relative) offset
Reassembly done at the destination system using:
Source address
ID
Offset; last fragment has MF=0
Preceding process is CPU intensive
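Added example, not from the slides: a small Python decoder for the IP header fields listed above that applies the drop rules the slides recommend (IP options present, first fragment too short to hold the UDP or TCP header, i.e. the tiny fragment case from the TFTP layering example). Addresses 10.0.0.1/10.0.0.2, the port numbers and the TFTP block are constructed sample values.

```python
import struct

IP_HDR = 20                          # IPv4 header without options, as in the slide example
MF, DF = 1, 2                        # 3-bit IP flags field: MF = more fragments, DF = don't fragment
MIN_TRANSPORT_HDR = {6: 20, 17: 8}   # bytes a first fragment must carry for TCP / UDP

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; computed over a correct header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(payload, proto, ident=1, flags=0, offset=0, options=b"",
               src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Constructed sample IPv4 datagram; offset is in 8-byte units, options are padded to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    ihl = (IP_HDR + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload), ident,
                      (flags << 13) | offset, 64, proto, 0, src, dst) + options
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fields shown on the IP Header slide."""
    v_ihl, tos, tlen, ident, fl_off, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (v_ihl & 0x0F) * 4
    return {"version": v_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": tlen, "id": ident,
            "df": bool(fl_off & 0x4000), "mf": bool(fl_off & 0x2000), "offset": (fl_off & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto, "checksum_ok": ip_checksum(pkt[:ihl]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "options": pkt[20:ihl]}

def filter_verdict(pkt: bytes) -> str:
    """Drop rules from the slides: bad checksum, any IP option set, tiny first fragment."""
    h = parse_ipv4(pkt)
    if not h["checksum_ok"]:
        return "drop: bad header checksum"
    if h["options"]:
        return "drop: IP options present"
    if h["offset"] == 0 and h["total_length"] - h["ihl"] < MIN_TRANSPORT_HDR.get(h["protocol"], 0):
        return "drop: tiny first fragment"
    return "accept"

if __name__ == "__main__":
    # Constructed TFTP DATA packet: 8-byte UDP header + 4-byte TFTP header + 400 bytes of file data
    udp = struct.pack("!HHHH", 1234, 69, 8 + 4 + 400, 0) + b"\x00\x03\x00\x01" + b"A" * 400
    print(parse_ipv4(build_ipv4(udp, 17))["total_length"], filter_verdict(build_ipv4(b"\x04\xd2\x00\x45", 17, flags=MF)))
```

Without the Ethernet framing the total length of the TFTP datagram is 432 bytes; adding the 14-byte header and 4-byte trailer gives the 450 bytes of the slide example.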
IP Forwarding
Routers manage internal routing tables
Each datagram inspected by router for destination address
Router searches database to determine which interface to forward the datagram on
IP Forwarding Principles
Each packet is forwarded separately
Many hops: from router to router
Router forwards IP packet to next hop
Based on routing table
Packets may be fragmented
Reassembly done by destination host
Router overload - packet is dropped
TTL - Time to Live field avoids infinite loops (decreased at each hop)
Routing Protocols
Every router knows optimal path through network
This is used to compute the routing table
Routing protocols distribute routing information
RIP (Routing Information Protocol)
OSPF (Open Shortest Path First)
Risk - your router is sent false routing information
Don’t allow any routing protocol through firewall
Firewall uses static routing
ICMP Messages
Internet Control Message Protocol
Network error messages do not make IP more reliable
Essential when diagnosing network problems
Each Message includes a type field and related code field
Threat - bogus ICMP messages or broadcast storms when something is wrong
ICMP Messages
Message type:
0 Echo reply
3 Destination unreachable
4 Source quench
5 Redirect
6 Echo
9 Router advertisement
10 Router solicitation
11 Time exceeded
12 Parameter problem
13 Timestamp
15 Information request
16 Information reply
Message type 3 codes:
0 Net unreachable
1 Host unreachable
2 Protocol unreachable
3 Fragmentation needed and DF set
5 Source route failed
Port Multiplexing
[Diagram: Named (port 53), Telnet (port 23), Sendmail (port 25) and Httpd (port 80) multiplexed over UDP and TCP, above IP, data link and physical layers]
Socket Interface
Socket interface to TCP/IP
Socket system call
Create, bind to address
Use file descriptor such as read, write, close
TCP Connection
Localhost, local port
Remotehost, remoteport
TCP Reliable Connection
Detection of lost data, or data received twice
Retransmissions of lost IP packets
Sequence number in TCP header
Each byte is numbered and acknowledged
ACK (sequence number) in every packet except the first
Flow Control
Window size
Number of permitted outstanding (non acknowledged) bytes
Client/Server Applications with TCP
Server (“daemon”) listens on a “socket” (port)
Client connects to that port
TCP three way handshake
SYN
SYN, ACK
ACK
Establishes a connection
Bi-directional connection
Parties can read/write from/to socket
Name Services (DNS)
“www.company.com” -> 123.45.67.89
telnet host.company.com
mail [email protected]
UDP-based: vulnerable
Exposed internal configuration