1 / 18

TCP/IP from a Security Standpoint

TCP/IP from a Security Standpoint. CS-480b Dick Steflik. TCP/IP Guru-ism. You don’t have to know all of the details You do need to know your system What services it is providing What protocols are involved What vulnerabilities is has How to minimize the risks. Why TCP/IP ?. Packet based

ima-hess
Télécharger la présentation

TCP/IP from a Security Standpoint

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TCP/IP from a Security Standpoint CS-480b Dick Steflik

  2. TCP/IP Guru-ism • You don’t have to know all of the details • You do need to know your system • What services it is providing • What protocols are involved • What vulnerabilities is has • How to minimize the risks

  3. Why TCP/IP ? • Packet based • Provides decentralized control • Devices are peers • Its routable • Independent of transmission medium • Open standard • Free • Robust • Flexible • Pragmatic

  4. Physical Layer • Three major categories based on connection behavior • Dial-up • temporary point-to-point • WAN and MAN • premanent point-to-point • LAN • two or more devices communicating over a shared broadcast media

  5. Dial-up • Dial-up (and modems) • Temporarily connected point-to-point • uses telephone infrastructure • audio frequency modems • vulnerabilities • Cannot provide physical security along entire communications path • Cables are usually run through public infrastructure making physical security almost impossible • Peel back the insulation on the wire and connect alligator clips • Telephone connection panel in basements of buildings • Easy to just clip on to the connections • Punch panels • Screw terminal connections

  6. WAN and MAN • WAN and MAN • Constantly connected point-to-point • uses telephone backbone, microwave, radio, fiber optic • dedicated digital leased lines • specially conditioned telephone lines (guaranteed quality) • 56Kbps - 9.95 Gbps • T1 - 56Kbps • T2 - 6.312 Mbps • T3 -44.736 Mbps • OC1 51.84 Mbps • OC48 - 2488 Mbps • OC192 - 9.95 Gbps • CSU/DSU - Carrier Set Unit / Data Set Unit (connection device) • can be routed like a layer 3 protocol

  7. WAN and MAN (more) • Vulnerabilities • Because much is done using radio and microwave links interception by a third party is pretty easy (especially radio), laser communication is harder to intercept but is overall less reliable due to environmental issues • Remedy • Encrypt the data before placing it on an unsecured links like radio, microwave laser

  8. LAN • Two or more network devices communicating over a shared broadcast media • local area, shared communications medium • Ethernet, Token-ring, FDDI • Vulnerabilities • Because much is done using radio and microwave links interception by a third party is pretty easy (especially radio), laser communication is harder to intercept but is overall less reliable due to environmental issues • Remedy • Encrypt the data before placing it on an unsecured links like radio, microwave laser

  9. Dial-up • Temporary connections • Established as needed • Cannot provide physical security along entire communications path • Cables are usually run through public infrastructure making physical security almost impossible • Peel back the insulation on the wire and connect alligator clips • Telephone connection panel in basements of buildings • Easy to just clip on to the connections • Punch panels • Screw terminal connections

  10. Modems • Convert low speed digital signals to audio or phase encoded signals for transmission through the public access telephone system, • Most consumer used modems work over unconditioned analog lines on the public access telephone system • Vulnerabilities • Because of the public access, hard to secure against physical tampering • Tap on with another modem and listen as the data goes by • Remedy • Encrypt data on the computer side of the sending and receiving modems

  11. ISDN • Integrated Services Digital Network • a system of digital phone connections that allows data to be transmitted simultaneously across the world using end-to-end digital connectivity. • Available for > 10 years • Data is sent digitally unlike modems • Uses a Terminal Adapter rather than a modem • Must be with-in 18000 ft. to telco facilities • > 18000 ft.requires expensive repeaters • 16 or 64 kbps depending on service type • Vulnerabilities • Same as modems, physical security • Remedy • encryption

  12. Data Link Layer • IEEE views the OSI Data Link Layer as 2 layers • Media Access Control (MAC) Sublayer • Translates generic network requests into device specific terms • Logical Link Control (LLC) Sublayer • Provides the operating system link to the device driver

  13. Media Access Control • This is the actual device driver that controls the NIC • Reporting of and setting of device status • Packaging of outgoing data from the LLC layer • Sending of outgoing data • Receiving of incoming data • Unpacking of incoming data, error checking and passing data to LLC layer • MAC addresses are burned into the NIC and should be globally unique (by OEM agreement) • But they are of local scope to the LAN, LAN protocols like ethernet and token-ring have no provisions to pass data from one LAN to another; so a LAN should always see unique MAC addresses

  14. Ethernet • Framing • 6 byte Destination address (MAC address) • 6 byte Source address (MAC address) • 2 byte type (of packet in payload) • 0800 – IP Datagram (46-1500 bytes) • 0806 – ARP packet (28 bytes data+18 bytes of padding)) • 0835 – RARP packet (28 bytes + 18 bytes of padding) • 4 byte CRC • Remember, the ethernet information will always stay local to the LAN; it’s the IP, ARP or RARP packet that will move it from LAN to LAN and across the Internet

  15. PPP • Designed to support multiple network types over the same serial link • Supersedes SLIP (Serial Line Internet Protocol) • Framing • 5 byte header • 7E FF 03 (constant) • 2 byte type field • 0021 – IP Datagram • Link control packet – C021 • Network control data - 8021

  16. Link Establishment Subversion • Hacker can use call forwarding to forward an incoming call to the hackers phone number • Since Windows supports other network protocols (NetBEUI, IPX, IP over PPP) the hacker can then attempt to use one of those protocols to break into the calling machine • Dial-up connections via cell phones can be hijacked right out of the air with a proper receiver • Harder to do with digital cell phones

  17. Media Access Subversion • Its up to the MAC to reject all but the packets destined for that machine a hacker can put their MAC/NIC into promiscuous mode and receive all packets on the LAN • Most device drivers don’t support this mode so to do this a new device driver must be introduced • It’s a good idea to every once in a while to scan all of the machines on your network looking for any machines that might be running promiscuously • Find out why they are running in promiscuous mode • Fix it

  18. Logical Link Control • OS control of the Device Driver • Multiple instances of driver for multiple NICs • Multiple Device drivers for different kinds of devices • Windows – NDIS • UNIX – character mode device specification

More Related