
Introduction to the Internet Spring 2006 Instructor: Arnoldo Herrera


Presentation Transcript


  1. Introduction to the Internet, Spring 2006. Instructor: Arnoldo Herrera

  2. Course Policies
     • Class attendance is mandatory. Please arrive in class before the lecture begins.
     • Cheating and plagiarism are unacceptable. Plagiarism is "to use and pass off as one's own the ideas or writing of another. It is an act of literary theft". If you cheat on a test or plagiarize other students' work, you will fail the course.
     • The school policy on plagiarism declares: "Plagiarism is an illegal and unethical activity and will result in the student receiving a FAILING grade on the particular assignment and resubmission will not be allowed".
     • Assignments must be submitted at the beginning of the class on the due date. (NOTE: No late assignments will be accepted. All submitted work must be original and must be YOUR OWN WORK.)
     • Please turn off cell phones and beepers and refrain from background talking during class hours. Electronic devices are not allowed inside the classroom.

  3. Grading: Final Grades (grading table not reproduced in the transcript)

  4. The Internet Big Picture
     • Evolution of the Internet: exponential growth, world-wide connectivity
     • Security concept: designed for trusted, cooperative users; all security must be handled by the application

  5. Introduction to Networks
     Network: a collection of interconnected functional units providing data communications services among the components attached to it. These components are comprised of both hardware and software.
     [Diagram: two networks linked to each other, each also connected "to other networks"]

  6. Intrusion Detection
     "The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators...."
     • Effective defensive measures require accurate detection
     • Intrusion detection systems (IDS) are a critical component of a complete security infrastructure

  7. [Diagram: Internet, IDS, Firewall, IDS, Internal network]

  8. A little technical detail
     • All Internet data is carried in chunks called IP packets. (It's a packet-switched network.)
     • Packets are like postcards; they have:
       • a destination address,
       • a source address (unverified),
       • and a message (plainly visible).
     • Packets are also treated like postcards:
       • you send your packets into the network and it takes care of getting them to the destination address;
       • you don't know what route your packet takes.

  9. Overview of TCP/IP Internals: The Protocols
     • TCP/IP is a suite of protocols including TCP and IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), and several others.
     • The TCP/IP protocol suite does not conform exactly to the Open Systems Interconnection seven-layer model, but rather is pictured as shown:
       Application Layer: FTP, TELNET, DNS, NFS, PING
       Transport Layer: TCP, UDP
       Network Layer: IP, ICMP
       Physical Layer: IP Packet

  10. Overview of TCP/IP Internals
     • TCP - Transmission Control Protocol
     • UDP - User Datagram Protocol
       - Higher level protocols
       - Use destination port numbers to identify a specific TCP or UDP service
       - Use source port numbers to distinguish between multiple sessions
       - Standard destination ports:
         - FTP data - port 20
         - FTP control - port 21
         - Telnet - port 23
         - X11 (X-Windows) - port 6000
         - SMTP (Simple Mail Transfer Protocol) - port 25
       - Source ports are random above 1023

  11. TCP Connections
     • TCP is a connection oriented protocol (UDP is not)
       - TCP packets are sequenced
       - TCP packets are acknowledged
       - TCP packets are retransmitted, if necessary
     • Example TCP connection handshake:
       Client -> Server: SYN, seq = 1000, ACK flag = 0
       Server -> Client: SYN, seq = 2000, ack = 1001, ACK flag = 1
       Client -> Server: ack = 2001, ACK flag = 1
       . . .

  12. ISO Reference Model: Open Systems Interconnection (OSI)
     • Describes computer network communications.
     • The model describes peer-to-peer correspondence, the relationship between corresponding layers of sender and receiver.
     • Each layer represents a different activity performed in the actual transmission of a message.
     • Each layer serves a separate function.
     • Equivalent layers perform similar functions for sender and receiver.

  13. ISO Reference Model (Application, Presentation, Session, Transport, Network, Data Link, Physical)
     • Application, Layer 7: initiates message; optional encryption
     • Presentation, Layer 6: breaks message into blocks, text compression; optional encryption
     • Session, Layer 5: establishes user-to-user session; header added to show sender, receiver and sequencing information; recovery
     • Transport, Layer 4: flow control, priority service; information added concerning the logical connection
     • Network, Layer 3: routing, message blocking into packets; routing information added to blocks
     • Data Link, Layer 2: transmission error recovery, message separation into frames, optional encryption; header and trailer added for correct sequencing and error detection
     • Physical, Layer 1: physical signal transmission by individual bits

  14. Where Does SSL Live?
     • SSL resides above the TCP/IP and below the HTTP protocols.
     [Stack: HTTP (Application Layer) / SSL / TCP/IP (Network Layer)]

  15. What Does SSL Provide?
     • Server authentication
     • Client authentication (optional)
     • Data encryption (optional)

  16. What is Information Security? The Fundamentals:
     • Confidentiality (eavesdropping and data theft)
     • Integrity (data corruption and tampering)
     • Availability & Reliability (denial of service and data loss)
     • Authentication

  17. Security Technology
     • Authentication
     • Cryptography for confidentiality and integrity
     • Perimeter defense - firewalls
     • Intrusion detection systems
     • Security scanners - an audit tool

  18. Network Security Services
     • There is overlap between these areas. Note that ISO lists the following: non-repudiation, access control, authentication, data confidentiality, and data integrity.
     • Access control: enforcement of security policy when requests for access are made
     • Information confidentiality: protection of information from unauthorized disclosure
     • Information integrity: protection of information from unauthorized modification
     • Authentication and non-repudiation: ensure the proper authentication of active system entities; prevents impersonation or masquerading; prevents the repudiation of prior events
       - Proof of origin
       - Proof of receipt
     • Availability: ensure that the network services are both available and of appropriate quality

  19. Security Problem: Sniffing
     • Sniffing is the passive effort of eavesdropping on a network line.
     • A network card is put into "promiscuous mode" in order to read packets.
     • Several sniffer programs are available for various protocols.

  20. Security Problem: Sniffing
     • TCPDump - very popular, sophisticated.
     • Gobbler - MS-DOS based (can run in Windows 95, NT).
     • ETHLOAD - written for Ethernet as well as Token Ring networks with a variety of protocols (TCP/IP, DECnet, OSI, XNS, NetWare, NetBEUI).
     • Netman - offers a graphical model with updating network statistics.

  21. Security Problem: Sniffing
     [Figure: sniffer capture listing source IP addresses beside unreadable payload text and raw bit streams]

  22. Security Problem: Sniffing - Countermeasures
     • Checking for promiscuous interfaces on a workstation.
     • Log files that are generated are usually large.
     • Active hubs
     • Encryption
     • Kerberos (secret key based service for providing authentication)
     • SSH
     • Deslogin
     • swIPe
     • One-time passwords
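The first countermeasure above, "checking for promiscuous interfaces", as an added example that is not part of the lecture: on Linux each interface's flag word is exposed in /sys/class/net/<interface>/flags, and a set IFF_PROMISC bit means the card is reading every frame on the wire. The sample flag words below are constructed, and the function names are my own.

```python
import os

# IFF_PROMISC from linux/if.h; sysfs prints the whole flag word in hex (e.g. "0x1103")
IFF_PROMISC = 0x100
SYSFS_NET = "/sys/class/net"


def parse_flags(text):
    """Turn the hex word sysfs prints into an int."""
    return int(text.strip(), 16)


def promiscuous_interfaces(flags_by_iface):
    """Return the sorted names of interfaces whose flag word has IFF_PROMISC set."""
    return sorted(name for name, flags in flags_by_iface.items() if flags & IFF_PROMISC)


def read_sysfs_flags(root=SYSFS_NET):
    """Collect the flag word of every interface on a live Linux host."""
    result = {}
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                result[name] = parse_flags(fh.read())
        except OSError:
            continue  # interface removed between listdir and open, or no flags file
    return result


# Constructed sample, not read from a real host:
#   eth0  = UP|BROADCAST|PROMISC|MULTICAST -> sniffer-capable
#   wlan0 = UP|BROADCAST|MULTICAST         -> normal
#   lo    = UP|LOOPBACK
SAMPLE_FLAGS = {
    "eth0": parse_flags("0x1103"),
    "wlan0": parse_flags("0x1003"),
    "lo": parse_flags("0x9"),
}

if __name__ == "__main__":
    print("promiscuous (sample):", promiscuous_interfaces(SAMPLE_FLAGS))
    if os.path.isdir(SYSFS_NET):
        print("promiscuous (this host):", promiscuous_interfaces(read_sysfs_flags()))
```

A host can only report on its own cards, and a compromised host can hide the bit, so this check complements rather than replaces the switched ("active hub") and encryption countermeasures in the list.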

  23. IP Spoofing
     • IP spoofing takes place when an intruder transmits packets from outside a trusted environment.
     • The source IP address field contains an address of a trusted internal host.

  24. IP Spoofing (diagram not reproduced in the transcript)

  25. IP Spoofing
     • IP spoofing is a problem that is based on the lack of source authentication in version 4 of the Internet protocol.
     • A great deal of applications trust packets based on the source IP address.
     • Coupled with this trust, two assumptions exist which enable "spoofed" packets:

  26. IP Spoofing (Assumption)
     • The source IP address must be valid if the packet was able to route itself to a destination and route itself back to the source (with source routing turned off).

  27. IP Spoofing (Assumption)
     • The connection is valid if the sender is able to maintain a conversation on the TCP level.
     [Diagram: Sender with Application, Transport and Internet layers]

  28. IP Spoofing
     • An attack is only possible if the target host has a trust-relationship with at least one other host.
     [Diagram: file ~rcg/.rhosts listing boxB.host.net and boxC.host.net; trusted paths between boxA.host.net, boxB.host.net and boxC.host.net]

  29. IP Spoofing: Countermeasure
     • Properly configured firewalls capable of packet filtering provide the best means of defense against the IP spoofing attack.

  30. IP Spoofing
     • IP spoofing alone is mostly limited to providing anonymity for attacks that occur at the IP layer.
     • To perform an attack, IP spoofing must be combined with another strategy (e.g., sequence number prediction).

  31. Security Problem: TCP Sequence Number Prediction
     • TCP sessions are attacked through sequence number prediction.
     • Sequence numbers ensure that the application layer receives data in the same order that it was sent.

  32. TCP Sequence Number Prediction (diagram not reproduced in the transcript)

  33. TCP Sequence Number Prediction
     • Segments are encapsulated within IP datagrams and there is no guarantee that the datagrams will follow the same route.

  34. TCP Sequence Number Prediction
     • The main vulnerability is that if an attacker can guess the correct sequence number, the target host's TCP layer is capable of accepting any generated TCP segments from the attacker.

  35. TCP Sequence Number Prediction
     • TCP three-way handshake and data transfer.

  36. TCP Session Hijack (participants: Hijacked Host, Attack Host, Target Host)
     SYN = 2000 (start of 3-way handshake)
     SYN = 6587, ACK = 2001
     ACK = 6588 (end of 3-way handshake)
     DATA = 2001 ... DATA = 2007
     DATA = 2008; ACK = 2008 ("ACKs" are ignored)
     DATA = 2008 ... DATA = 2014 ("DATAs" are ignored)
     ACK = 2015 ("ACKs" are ignored)
     Session is now hijacked
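Slides 34 to 36 hinge on whether a host's initial sequence numbers (ISNs) can be guessed. The following audit, added here and not part of the lecture, samples the ISNs a host hands out on successive connections and rates how small the guessing window is, in the spirit of the ISN predictability test built into port scanners. All ISN samples are constructed and the function names are my own.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Signed step from each sampled ISN to the next, folded across the 32-bit wrap."""
    deltas = []
    for prev, cur in zip(isns, isns[1:]):
        d = (cur - prev) % MOD
        deltas.append(d - MOD if d >= MOD // 2 else d)
    return deltas


def rate_isn_generator(isns):
    """Rate a run of ISNs observed on successive connections to one host.

    Returns (label, window) where window is the spread of the steps, i.e. how
    many candidates a guesser would have to try around the expected next ISN:
      'constant-increment' : every ISN is the previous one plus a fixed step
                             (the classic 4.2BSD 64000-per-second counter)
      'low-variance'       : the step jitters by less than 2**16 values
      'random-like'        : the steps range across the 32-bit space
    """
    if len(isns) < 3:
        raise ValueError("need at least three samples")
    deltas = isn_deltas(isns)
    window = max(deltas) - min(deltas)
    if window == 0:
        return "constant-increment", window
    if window < 2 ** 16:
        return "low-variance", window
    return "random-like", window


# Constructed samples, not measured from any real host
WEAK_ISNS = [1000 + 64000 * k for k in range(6)]        # fixed 64000 step
JITTERY_ISNS = [5000, 69000, 133100, 197050, 261150]   # counter with small jitter
STRONG_ISNS = [0x1A2B3C4D, 0x9F00E123, 0x0456F7A8, 0xD2C3B4A5, 0x3F3F3F3F]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_ISNS), ("jittery", JITTERY_ISNS), ("strong", STRONG_ISNS)):
        print(name, rate_isn_generator(sample))
```

A host rated "constant-increment" or "low-variance" is exactly the case slide 34 describes, and the fix on the host side is a randomised ISN generator (RFC 6528), while the network-side countermeasures are those on slide 38.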

  37. TCP Hijacking
     • TCP hijacking is used to dominate any TCP based application (e.g., rlogin, FTP, etc.).

  38. TCP Hijacking: Countermeasures
     • Block all IP datagrams from the Internet that are source routed.
     • Block all IP datagrams that have source addresses originating from the internal network.
     • Eliminate all trust relationships between hosts that communicate across the Internet that do not use strong authentication and cryptography (i.e. .rhosts).
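The packet-filtering countermeasure of slide 29 and the first two rules of slide 38, as an added example that is not part of the lecture: a minimal IPv4 header parser that walks the options field for the loose and strict source-route options (types 131 and 137) and rejects datagrams arriving from the Internet with an internal source address. The internal prefixes, the builder for test headers and the function names are my own assumptions; the checksum is not verified.

```python
import ipaddress
import struct

# Prefixes assumed to belong to the internal network; adjust per site
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# IPv4 option types that carry a source route (RFC 791)
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}


def parse_ipv4_header(pkt):
    """Return (src, dst, [option types]) from raw IPv4 bytes; header fields only."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    options, i = [], 20
    while i < ihl:
        kind = pkt[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No Operation: single byte, no length
            i += 1
            continue
        length = pkt[i + 1] if i + 1 < ihl else 0
        if length < 2 or i + length > ihl:
            raise ValueError("bad option length")
        options.append(kind)
        i += length
    return src, dst, options


def ingress_verdict(pkt, from_internet=True):
    """Apply the two filter rules to one datagram seen on the border."""
    src, _dst, options = parse_ipv4_header(pkt)
    routed = [SOURCE_ROUTE_OPTIONS[k] for k in options if k in SOURCE_ROUTE_OPTIONS]
    if routed:
        return "drop: source-routed (" + ",".join(routed) + ")"
    if from_internet and any(src in net for net in INTERNAL_NETS):
        return "drop: internal source address arriving from the Internet"
    return "accept"


def build_ipv4_header(src, dst, options=b""):
    """Constructed test header: TTL 64, protocol TCP, checksum left at zero."""
    options += b"\x00" * (-len(options) % 4)          # pad options to 32-bit words
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return fixed + options


# Constructed loose source route: type 131, length 7, pointer 4, one hop address
LSRR_ONE_HOP = b"\x83\x07\x04" + ipaddress.ip_address("198.51.100.1").packed
```

The third rule on the slide (no .rhosts-style trust across the Internet) is a host-configuration matter and is not something a border filter can enforce.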

  39. Denial of Service
     • Denial of service (DoS) is the class of attack designed to prevent the legitimate use of computers and networks.
     • It is an attack on availability, the security property with the most vulnerability.
     • These attacks are usually part of a larger plan...

  40. Denial of Service attack categories:
     • File destruction
     • Process degradation
     • Storage degradation
     • Process/system shutdown
     • Full denial of service
     • Attack feints

  41. File Destruction Denial of Service
     • Destroying access to user, host or network files can render them unusable. Effects include loss of accounts, services, etc. Viruses carrying destructive payloads, as well as email, offer attack vectors. Usenet newsgroups and BBS are also targets.
