
ITP 457 Network Security


Presentation Transcript


  1. ITP 457 Network Security – Networking Technologies II: UDP, IP, and NAT

  2. Overview • UDP • IP • NAT

  3. UDP • UDP – User Datagram Protocol • Also member of TCP/IP • TCP and UDP are cousins • An application developer can choose to transmit data using either TCP or UDP • Both protocols cannot be used simultaneously in an application

  4. UDP Characteristics • Connectionless – the protocol doesn’t know or remember the state of a connection • Does not have concept of • Session initiation • Acknowledgement • No error checking – does not retransmit lost packets nor does it put them in proper order

  5. UDP • UDP is also called: “Unreliable Damn Protocol” • It is inherently unreliable • Unreliability is ok – IF it can buy you SPEED! • Some applications are more interested in getting packets across the network and don’t need super high reliability. • Good protocol for a large number of connections

  6. UDP • Services that use UDP are • Streaming Video/Audio • DNS queries • Online Games • Voice-over-IP (VoIP) • DHCP • DNS • SNMP • RIP

  7. UDP header • UDP source port • UDP destination port • Message Length • Checksum • Data

  8. UDP Ports • UDP – 65,535 ports • Some typical ports: • 53 – DNS (Domain Name Server) • 67 – DHCP (Dynamic Host Control Protocol) • 69 – TFTP (Trivial File Transfer Protocol) • 161 – SNMP (Simple Network Management Protocol) • 514 – Syslog • 6112 – Battle.NET • 14567 – Battlefield 1492 • 26000 – Quake Server • 27015 – Halflife Server • For a searchable database of known ports: • http://www.ports-services.com/

  9. Is UDP less secure than TCP? • YES! • Absence of a three-way handshake implies no sequence numbers and no control bits. • Difficult for firewalls and routers to track where the end systems are in their communications • We cannot completely turn off UDP, due to some of the necessary protocols that use UDP

  10. Internet Protocol (IP) • IP handles end-to-end delivery • Most commonly used network layer protocol • All traffic on the internet uses IP

  11. Internet Protocol (IP) • Upon receiving packet from Transport layer, IP layer generates a header • Header includes: source and destination IP addresses • Header is added to front of TCP packet to create a resulting IP packet. • Purpose of IP is to carry packets end to end across a network.

  12. IP header • Source IP address • Destination IP address • Data

  13. IP addresses • Identify each individual machine on the internet • 32 bits in length • Hackers attempt to determine all IP addresses in use on a target network – “network mapping” • Hackers generate bogus packets appearing to come from a given IP address – “IP address spoofing”

  14. IP Addresses in depth • 32 bits, with 8 bit groupings • E.g.: 192.168.0.1 • Each number between the dots can be between 0 and 255 • 4 billion combinations • Not really • Allocated in groups called address blocks • 3 sizes, based on the class of the address • Class A, Class B, and Class C

  15. Class A Addresses • Giant organizations • There are no more available • All IP addresses are of the form: 0 – 126.x.x.x, where x can be between 0 and 255 • The first octet is assigned to the owner, with the rest being freely distributable to the nodes • Has a 24 bit address space • Uses up to half of the total IP addresses available!!! • Who owns these??? • Internet Service Providers • Large internet companies • Google, CNN, WB

  16. Class B Addresses • Large Campuses or Organizations • Example: Colleges, including USC • These are running out!!! • All Class B Addresses are of the form: 128 – 191.x.x.x, where x can take any number between 0 and 255 • The first two octets are assigned to the address block owner, with the last two being freely distributable • Example: 128.125.x.x – USC • Example: 169.232.x.x – UCLA • 16-bit address space • ¼ of all IP addresses belong to Class B Addresses

  17. Class C Addresses • Small to mid-sized businesses • A fair number left • All Class C Addresses have the following format: 192-232.x.x.x • The first three octets are assigned, with the last being freely distributable • Only 253 distributable addresses within a Class C Address

  18. Reserved Addresses • Private Networks (no public connections) • 10.x.x.x • 172.16.x.x • 192.168.x.x • 127.x.x.x – local network (loopback) • 255.255.255.255 – broadcast – sends to everyone on the network

  19. Netmasks • IP address has 2 components • Network address • Host address • Determined by the address and the class of the address • Example (Class C): • IP Address: 192.168.3.16 • Network address: 192.168.3 • Host address: 16

  20. Packet Fragmentation • Various transmission media have different characteristics • Some require short packets others require longer packets • E.g. satellite – longer packets • Local LAN – shorter packets

  21. Packet Fragmentation • To optimize packet lengths for various communication links, IP offers network elements (routers and firewalls) the ability to slice up packets into smaller pieces, a process called fragmentation. • The end system’s IP layer is responsible for reassembling all fragments • Hackers use packet fragmentation to avoid being detected by Intrusion Detection Systems
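
Why an intrusion detection system has to reassemble fragments the same way the end system does before matching, shown as an added example that is not part of the original slides. The `Reassembler` class, the placeholder signature, the addresses and the fragment tuples are all constructed for illustration; the offset is counted in 8-byte units as in the IPv4 header.

```python
from collections import defaultdict

SIGNATURE = b"EXAMPLE-BAD-STRING"  # constructed placeholder, not a real IDS rule

class Reassembler:
    """Collects IPv4 fragments per (src, dst, identification) datagram."""

    def __init__(self):
        self.parts = defaultdict(dict)  # key -> {byte offset: fragment data}
        self.total = {}                 # key -> full length, known once the last fragment arrives

    def add(self, src, dst, ident, offset_units, more_fragments, data):
        """Store one fragment; return the whole payload once complete, else None."""
        key = (src, dst, ident)
        offset = offset_units * 8       # the offset field counts 8-byte units
        self.parts[key][offset] = data
        if not more_fragments:
            self.total[key] = offset + len(data)
        if key not in self.total:
            return None
        payload, pos = b"", 0
        for off in sorted(self.parts[key]):
            if off > pos:
                return None             # hole: still waiting for a fragment
            if off < pos:
                raise ValueError("overlapping fragments: treat as suspicious")
            payload += self.parts[key][off]
            pos += len(self.parts[key][off])
        if pos != self.total[key]:
            return None
        del self.parts[key], self.total[key]
        return payload

def inspect_constructed_flow():
    """Compare per-fragment matching with matching after reassembly."""
    payload = b"A" * 12 + SIGNATURE + b"BBBB"            # 34 bytes, constructed
    frags = [(i // 8, i + 16 < len(payload), payload[i:i + 16])
             for i in range(0, len(payload), 16)]
    frags.reverse()                                       # fragments may arrive out of order
    per_fragment = [SIGNATURE in data for _, _, data in frags]
    r, whole = Reassembler(), None
    for units, more, data in frags:
        whole = r.add("192.0.2.1", "192.0.2.2", 7, units, more, data) or whole
    return per_fragment, whole is not None and SIGNATURE in whole
```

Matching each fragment on its own finds nothing, while matching the reassembled payload does; overlapping fragments are rejected rather than merged because the sensor and the end system may resolve them differently.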

  22. Lack of Security in IP • IP version 4 does not include any security • All components of packets are in clear text, nothing is encrypted • Anything in the header or data segment can be viewed or modified by the hacker • TCP/UDP Hijacking • “Man-in-the-middle” attack

  23. ICMP • ICMP – Internet Control Message Protocol • It is the Network Plumber • Its job is to transmit command and control information between networks and systems

  24. ICMP examples • “ping” request = ICMP Echo message • If the “pinged” system is alive it will respond with ICMP Echo Reply Message • Try pinging • www.google.com • www.yahoo.com • www.cnn.com • Will they all work? • Some sites have disabled ping. Why? • Ping-of-death – a ping too big • Ping flooding – type of denial-of-service attack

  25. Routers and packets • Routers • Transfer packets from network to network • They determine the path that a packet should take across the network specifying from hop to hop which network segments the packets should bounce through as they travel across the network • Most networks use dynamic routing • RIP, EIGRP • We will be discussing these technologies later in the course

  26. Network address translation • NAT • Blocks of addresses are allotted to ISPs and organizations • Classes of IP Addresses • What happens when we have more computers than IP Addresses? • We have a Class C address – allows 253 computers • Our organization has 1000 computers • What do we do???

  27. Solution? • Reserve a range of IP addresses to build your own IP network • 10.x.y.z - un-routable IP addresses • 172.16.y.z • 192.168.y.z • How to connect these machines to Internet?

  28. Network Address Translation • Use a gateway/router to map invalid addresses to valid IP addresses • Translates your local address to a routable address • Router receives one IP Address • Either dynamically assigns addresses to all the nodes behind the router, or it is assigned statically using non-routable addresses • If dynamic, uses DHCP (Dynamic Host Configuration Protocol) • When someone inside the network wants to access a computer outside the local network (the internet), the request is sent to the router, which uses NAT to send the request to the internet

  29. NAT and security? • Does NAT improve security? • It hides internal IP addresses from hackers • NAT must be combined with “firewalls” for optimum security
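
A sketch of the translation table behind the two NAT slides above, as an added example that is not part of the original slides. It goes one step further than the slides by translating ports as well as addresses, which is what lets many inside hosts share the router's single public address; the `NatGateway` class, the addresses, the port range and the 30-second idle timeout are assumptions chosen for illustration.

```python
class NatGateway:
    """Many-to-one NAT: inside (ip, port) pairs share one public IP via distinct ports."""

    def __init__(self, public_ip, idle_timeout=30.0, first_port=40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout    # UDP has no close, so mappings age out
        self.next_port = first_port
        self.by_inside = {}                 # (inside_ip, inside_port) -> public_port
        self.by_public = {}                 # public_port -> (inside_ip, inside_port, last_out)

    def _expire(self, now):
        for port, (ip, iport, last_out) in list(self.by_public.items()):
            if now - last_out > self.idle_timeout:
                del self.by_public[port]
                del self.by_inside[(ip, iport)]

    def outbound(self, inside_ip, inside_port, now):
        """Rewrite the source of a packet leaving the private network."""
        self._expire(now)
        key = (inside_ip, inside_port)
        port = self.by_inside.get(key)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_inside[key] = port
        self.by_public[port] = (inside_ip, inside_port, now)
        return self.public_ip, port

    def inbound(self, public_port, now):
        """Return the inside (ip, port) for a reply, or None if no mapping exists."""
        self._expire(now)
        entry = self.by_public.get(public_port)
        return None if entry is None else entry[:2]

def constructed_scenario():
    nat = NatGateway("203.0.113.10")                   # documentation address, constructed
    a = nat.outbound("192.168.0.11", 5000, now=0.0)    # two hosts, same source port
    b = nat.outbound("192.168.0.12", 5000, now=1.0)
    return {
        "a": a, "b": b,
        "reply_to_b": nat.inbound(b[1], now=2.0),
        "unsolicited": nat.inbound(45000, now=2.0),    # nothing inside opened this port
        "after_idle": nat.inbound(a[1], now=60.0),     # mapping for host A has aged out
    }
```

Unsolicited inbound traffic is dropped only because no mapping exists, and `inbound` never checks who sent the packet, which is why the slide pairs NAT with a firewall rather than treating it as one.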

  30. Firewalls

  31. Firewalls • Network traffic cops • Tools that control the flow of traffic going between networks • By looking at addresses associated with traffic, firewalls determine whether connections should be transmitted or dropped • We will cover the setup and configuration of firewalls in great depth later in class
