
Overview of Networking & Operating System Security

Overview of Networking & Operating System Security. Jagdish S. Gangolly School of Business State University of New York at Albany


Presentation Transcript


  1. Overview of Networking & Operating System Security
     Jagdish S. Gangolly, School of Business, State University of New York at Albany
     NOTE: These notes are based on the book Security in Computing, by Charles & Shari Pfleeger (3rd ed), and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor.
     Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  2. Overview of Networking & Operating System Security
     • Networking
     • OSI Reference Model
     • The Internet Model
     • TCP/IP
     • TCP Vulnerabilities
     • UDP
     • UDP Vulnerabilities
     • IP
     • IP Vulnerabilities

  3. Networking I
     • OSI Reference Model
       • Layer 7: Application Layer
       • Layer 6: Presentation Layer
       • Layer 5: Session Layer
       • Layer 4: Transport Layer
       • Layer 3: Network Layer
       • Layer 2: Data Link Layer
       • Layer 1: Physical Layer

  4. Networking II
     • The Internet Model:
       • Application Layer (http, telnet, email client, …)
       • Transport Layer: Responsible for ensuring data delivery. (TCP and UDP) (Port-to-Port)
       • Network Layer: Responsible for communicating between the host and the network, and delivery of data between two nodes on the network. (IP) (Machine-to-Machine)
       • Data Link Layer: Responsible for transporting packets across each single hop of the network (Node-to-Node)
       • Physical Layer: Physical media (Repeater-to-repeater)

  5. TCP/IP
     • Applications using TCP:
       • FTP, telnet, SMTP, POP, HTTP
     • TCP header info
       • Source/Destination Port numbers
       • Sequence number
       • Acknowledgement number
       • Data offset, describes where the header ends
       • Reserved, for future use
       • Control bits (six bits: URG, ACK, PSH, RST, SYN, FIN)
       • Window, number of outstanding packets between systems
       • Checksum, to maintain the integrity of the TCP packets
       • Urgent pointer, to where urgent information is located in the packet
       • Options, additional information about TCP processing capabilities
       • Padding, to extend the boundary of TCP header to end on a 32-bit boundary

  6. TCP Vulnerabilities
     • Vulnerabilities:
       • Scanning ports using tools such as Nmap. (netstat command in Windows)
       • Attacker can mask port usage using kernel-level rootkits (which can lie about backdoor listeners on the ports)
       • Attacker can violate the 3-way handshake by sending a RESET packet as soon as the SYN-ACK packet is received

  7. UDP
     • Connectionless protocol
     • Used in streaming audio and video applications, and DNS query and response
     • No retransmission of lost packets
     • “Unreliable Damn Protocol”
     • UDP header info:
       • Source/Destination Port numbers
       • Message length
       • Checksum
       • Data

  8. UDP Vulnerabilities
     • Lack of a 3-way handshake
     • Lack of control bits hinders control
     • Lack of sequence numbers also hinders control
     • Scanning UDP ports is also harder, since there are no code bits (SYN, ACK, RESET). False positives are common since the target systems may not send reliable ICMP (port unreachable) messages.

  9. IP
     • Used for all traffic moving across the internet
     • Dotted-quad notation (28.28.28.28)
     • Netmasks
     • Packet fragmentation in IP
       • Vulnerability 1: Tiny fragment attack (the first fragment does not have the TCP port number; the rest of the header is in a different fragment)
       • Vulnerability 2: Fragment overlap attack; the first fragment carries a non-monitored port address, and the second fragment’s offset overlaps the first to overwrite the header of the first fragment containing the port number

  10. IP Vulnerabilities
     • Packet fragmentation in IP
       • Vulnerability 1: Tiny fragment attack (the first fragment does not have the TCP port number; the rest of the header is in a different fragment)
       • Vulnerability 2: Fragment overlap attack; the first fragment carries a non-monitored port address, and the second fragment’s offset overlaps the first to overwrite the header of the first fragment containing the port number
     • Attackers can map a network using the TTL (Time-to-Live) field
     • Attackers can determine packet filtering firewall rule sets using Firewalk
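
An added example, not part of the original slides: it decodes the TCP header fields listed on slide 5 and uses the control bits to flag the slide 6 pattern, a handshake that the initiator resets right after the SYN-ACK. The addresses, ports, the `seg` helper and the sample capture are constructed for illustration.

```python
import struct

# Six control bits from slide 5, as masks on header byte 13.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp_header(seg: bytes) -> dict:
    """Decode a TCP header into the fields named on slide 5."""
    if len(seg) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (sport, dport, seq, ack, off_res, bits,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", seg[:20])
    data_offset = (off_res >> 4) * 4   # header length in bytes: where the header ends
    if data_offset < 20 or data_offset > len(seg):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": data_offset, "window": window, "checksum": checksum,
            "urgent": urgent, "options": seg[20:data_offset],
            "flags": {name for name, mask in FLAGS.items() if bits & mask}}

def find_half_open(packets):
    """packets: (src_ip, dst_ip, tcp_segment) tuples in capture order.
    Returns (client, server, port) for each handshake reset after the SYN-ACK."""
    state, hits = {}, []
    for src, dst, raw in packets:
        h = parse_tcp_header(raw)
        f = h["flags"]
        fwd = (src, h["sport"], dst, h["dport"])   # key as seen from the sender
        rev = (dst, h["dport"], src, h["sport"])   # key as seen from the peer
        if f == {"SYN"}:
            state[fwd] = "SYN"
        elif f == {"SYN", "ACK"} and state.get(rev) == "SYN":
            state[rev] = "SYNACK"
        elif "RST" in f:
            if state.pop(fwd, None) == "SYNACK":
                hits.append((src, dst, h["dport"]))
        elif f == {"ACK"}:
            state.pop(fwd, None)                   # handshake completed normally
    return hits

def seg(sport, dport, seq, ack, bits):
    """Build a 20-byte option-less TCP header (constructed test data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, bits, 65535, 0, 0)

# Constructed capture: port 80 completes the handshake, port 22 is reset after SYN-ACK.
C, S = "192.0.2.10", "198.51.100.5"
SAMPLE = [(C, S, seg(40000, 80, 100, 0, 0x02)), (S, C, seg(80, 40000, 900, 101, 0x12)),
          (C, S, seg(40000, 80, 101, 901, 0x10)), (C, S, seg(40001, 22, 200, 0, 0x02)),
          (S, C, seg(22, 40001, 700, 201, 0x12)), (C, S, seg(40001, 22, 201, 0, 0x04))]
print(find_half_open(SAMPLE))
```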
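
An added example, not part of the original slides: a filter-side check for the two fragmentation problems on slides 9 and 10, rejecting first fragments too small to hold the TCP header and later fragments that overlap data already seen. The `MIN_FIRST` threshold of 20 bytes, the helper names and the sample fragments are assumptions made for this illustration.

```python
import struct

TCP = 6
MIN_FIRST = 20   # assumption: first fragment must carry the full fixed TCP header

def parse_ip(pkt: bytes) -> dict:
    """Pull the fragmentation-related fields out of an IPv4 header."""
    (ver_ihl, _, total_len, ident, flags_off,
     _, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"key": (src, dst, proto, ident), "proto": proto,
            "mf": bool(flags_off & 0x2000),        # More Fragments flag
            "offset": (flags_off & 0x1FFF) * 8,    # fragment offset in bytes
            "payload_len": total_len - ihl}

def check_fragments(packets):
    """Return (index, reason) for every fragment a filter should drop."""
    seen, verdicts = {}, []     # seen: datagram key -> accepted (start, end) ranges
    for i, pkt in enumerate(packets):
        f = parse_ip(pkt)
        start, end = f["offset"], f["offset"] + f["payload_len"]
        if not f["mf"] and start == 0:
            continue                               # not fragmented at all
        ranges = seen.setdefault(f["key"], [])
        reason = None
        if f["proto"] == TCP and start == 0 and f["payload_len"] < MIN_FIRST:
            reason = "tiny-first-fragment"         # ports/flags pushed to a later fragment
        elif f["proto"] == TCP and 0 < start < MIN_FIRST:
            reason = "offset-inside-tcp-header"    # would rewrite the inspected header
        elif any(start < e and s < end for s, e in ranges):
            reason = "overlap"
        if reason:
            verdicts.append((i, reason))
        else:
            ranges.append((start, end))
    return verdicts

def frag(ident, offset_units, mf, payload_len, proto=TCP):
    """Build an IPv4 fragment with a zero-filled payload (constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      (0x2000 if mf else 0) | offset_units, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return hdr + bytes(payload_len)

# Constructed sample: datagram 1 is a tiny-fragment pair, 2 overlaps, 3 is clean, 4 is whole.
SAMPLE = [frag(1, 0, True, 8), frag(1, 1, False, 32), frag(2, 0, True, 48),
          frag(2, 3, False, 40), frag(3, 0, True, 48), frag(3, 6, False, 16),
          frag(4, 0, False, 40)]
print(check_fragments(SAMPLE))
```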
