html5-img
1 / 37

Internet Vulnerabilities & Criminal Activities

Internet Vulnerabilities & Criminal Activities. 1.2 – 9/12/2011 Structure of Internet Communications. Computer Data. Binary format All data represented by only 2 signals 0’s and 1’s for representation 5 means of representation Electric current Voltage Iron particles “Pits” and “Land”

baileyb
Télécharger la présentation

Internet Vulnerabilities & Criminal Activities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Vulnerabilities & Criminal Activities 1.2 – 9/12/2011 Structure of Internet Communications

  2. Computer Data • Binary format • All data represented by only 2 signals • 0’s and 1’s for representation • 5 means of representation • Electric current • Voltage • Iron particles • “Pits” and “Land” • Electron grid • Fragile • Intangible • Must have means of interpreting

  3. Protocol The “language” or rules used to transmit data over a network.

  4. Common Protocols • HTTP - Hypertext Transfer Protocol • FTP - File Transfer Protocol • SMTP - Simple Mail Transfer Protocol • IP - Internet Protocol • TCP - Transmission Control Protocol • UDP - User Datagram Protocol

  5. Packet The unit of data sent from a source to a destination on the Internet

  6. Packet format • Header • Information about the packet being sent • Payload • Actual data • Trailer • End of data signal • Also used for error checking

  7. Port Virtual ports are part of TCP/IP networking. These ports allow software applications to share hardware resources without interfering with each other. Computers and routers automatically manage network traffic traveling via their virtual ports. Network firewalls additionally provide some control over the flow of traffic on each virtual port for security purposes.

  8. Common Port Numbers • 20, 21 - FTP (File Transfer) • 22 - SSH (Secure Shell) • 25 - SMTP (Mail) • 53 - DNS (Domain Name System) • 80 - HTTP (Web Pages)

  9. Internet Protocol Number Numerical identification number used by a node on the Internet

  10. IP Number Format • IPv4 - 32 bits, 4 bytes long • Each byte separated by a . (dot) • Example - 64.252.150.126 • Divided in to classes by first octet • Class A , 1-126 • Class B, 128-191 • Class C, 192-223 • 127.0.0.1, loopback

  11. IPv6 • Succeeds IPv4 • Many more unique numbers available • 128 bit addresses – 2128 possible addresses • Eliminates need for NAT • Offers more features than IPv4 • Typical IPv6 address:2001:0db8:85a3:0000:0000:8a2e:0370:7334

  12. Domain Name System (DNS) A server that converts domain names into their associated IP number 64.252.150.126 = snet.net

  13. OSI - Open Systems Interconnection • Model of network protocols • Created by the ISO • Protocol stack • Each layer responsible for specific processing • Layers only communicate with layer above & layer below • Communications • Outgoing - each layer adds new data • Receiving - each layer strips off data

  14. 7 - Applications Layer • Interface between applications program and protocol stack • Layer contacted by application program • Examples - http, ftp, smtp

  15. 6 - Presentation Layer • Also called translation layer • Converts data received from application layer to format used by protocol stack • Can be used for compression & encryption

  16. 5 - Session Layer • Allows two programs within different computers to establish a communication session • Sets communication markers (not on all networks)

  17. 4 - Transport Layer • Interface between application layers and network layers • Protocols - tcp, udp • On sending machine: • Divides data sent by Session layer into packets • On receiving machine: • Puts packets into order • Checks data integrity • Sends acknowledgement

  18. 3 - Network Layer • Handles packet addressing • Converts logical address to physical address • Sets route packets will follow from source to destination • Protocol - IP

  19. 2 - Data Link Layer • Sending machine • Converts packets into frames • Adds physical address of source and destination machines • Calculates checksum • Receiving machine • Recalculate checksum • Send acknowledgement if checksums match

  20. 1 - Physical Layer • Sending machine • Converts Data Link Layer frames into transmission signals • Electronic signal • Luminous signal • Electromagnetic signal • Receiving machine • Converts physical signal into 1’s & 0’s

  21. OSI - How it works • Sending machine - each layer adds a header • Receiving machine - each layer removes a header • Layer only sees header added by same layer on sending machine

  22. TCP/IP • Fewer layers than OSI • Different protocols working on different level • May have more than one protocol on the same level

  23. Application Layer • Communicates between application programs & transport layer • Protocol selected • Port number assigned

  24. Transport Layer • Divides data into packets • Orders received packets • Checks & acknowledges received packets

  25. Transport Layer Protocols • TCP - Transmission Control Protocol • Reliable • Used for SMTP, HTTP, FTP • UDP - User Datagram Protocol • Unreliable • Used for DNS

  26. Internet Layer • Determines path packet should take from source to destination • Every router on the path is called a hop • Router uses its router table to determine packet’s path • No acknowledgement on this level

  27. Network Interface Layer • Most common physical network - Ethernet • Logic Link Control (LLC) Layer • Adds information on Internet layer protocol • Media Access Control (MAC) Layer • Add source & destination MAC address • Physical Layer - same as OSI model Physical Layer

  28. Network Interface Frame • Data to be transmitted or received has now been converted to a frame • Each layer adds a header when sending • Each layer removes a header when receiving

  29. Communications Log

  30. Languages of the Web - HTML • HyperText Markup Language • File extensions: .html, .htm, .html4 • Comprised of elements which tells receiving browser how to display those elements • Hyperlink: link from a web page element to another file or web page • Some elements can pose security risks • Related: Dynamic HTML (DHTML), XML, XHTML

  31. Languages of the Web - Perl • Practical Extraction and Report Language • File extension: .pl • High level programming language • Portable, free • Robust & flexible • Server-side actions • Security risk from inputs

  32. Languages of the Web - PHP • Personal Home Page • File extensions: .php, .php3 • Server-side scripting language • Used for database applications • Security risk from inputs

  33. Languages of the Web - ColdFusion • ColdFusion • File extension: .cfm • Three major components • ColdFusion Application Server - server-side processor of ColdFusion page requests • ColdFusion Markup Language - similar to HTML • ColdFusion Studio - integrated development environment (IDE) • Can be used for database connectivity

  34. Languages of the Web - ASP • Active Server Pages • File extension: .asp • Server-side scripting environment • Default language is VBScript • Can be used for database connectivity • ActiveX - used for dynamic web page content

  35. Languages of the Web - CGI • Common Gateway Interface • File extensions: .cgi, .pl • Oldest standard for passing information from web server to another program (such as Perl) • Set of guidelines used with many web languages

  36. Languages of the Web - Java • Java • File extension: none • Client-based • Scripting languages • Javascript - connected to Java by name only • Jscript - Microsoft’s Javascript clone • Server-based • Java Server Pages (JSP) • File extension: .jsp • Used for dynamic content & database connectivity • JHTML • File extension: .jhtml • HTML with Java

  37. Sources • “The OSI Reference Model for Network Protocols” by Gabriel Torres. Hardware Secrets. (2007) http://www.hardwaresecrets.com/article/431 • “How TCP/IP Protocol Works - Part 1” by Gabriel Torres. Hardware Secrets. (2007) http://www.hardwaresecrets.com/article/433 • “How TCP/IP Protocol Works - Part 2” by Gabriel Torres. Hardware Secrets. (2007) http://www.hardwaresecrets.com/article/435 • “Languages of the Web” by Stuart McClure, Saumil Shah, and Shreeraj Shah. Web Hacking: Attacks and Defenses (2003)

More Related