
Telecommunications & Network Security

Telecommunications & Network Security. Originally (1/01) by: Usha Viswanathan. Modified (1/03, 5/06) by: John R. Durrett. Presentation Overview: C.I.A. as it applies to Network Security; Protocols & Layered Network Architectures; OSI and TCP/IP; TCP/IP protocol architecture.


Presentation Transcript


  1. Telecommunications & Network Security Originally (1/01) by: Usha Viswanathan Modified (1/03, 5/06) by: John R. Durrett

  2. Presentation Overview • C.I.A. as it applies to Network Security • Protocols & Layered Network Architectures • OSI and TCP/IP • TCP/IP protocol architecture • IP addressing & Routing • TCP • Applications • IPv6

  3. C.I.A. • Confidentiality: The opposite of disclosure • Elements used to ensure it: Security Protocols, authentication services, encryption services • Integrity: The opposite of Alteration • Elements used to ensure it: Firewalls, Communications Security Management, Intrusion Detection Services • Availability: The opposite of destruction / denial • Fault Tolerance, Acceptable system performance, Reliable administration and network security

  4. Protocols & the Layered Network: Intro • Protocol: • A standard set of rules that determine how computers talk • Describes the format a message must take • Enables multi-platform computers to communicate • The Layered Architecture Concept • Data passes down through the layers to get “out”, and up to get “in” • Reasons for use: to clarify functionality, to break down complexity, to enable interoperability, easier troubleshooting

  5. TCP/IP The “lingua franca” of the Internet.

  6. ISO’s Open Systems Interconnect (OSI) Reference Model • Protocol Layering • Series of small modules • Well defined interfaces, hidden inner processes • Process modules can be replaced • Lower layers provide services to higher layers • Protocol Stack: modules taken together • Each layer communicates with its pair on the other machine

  7. The OSI Model (diagram): Sender and Receiver each run the stack Application / Presentation / Session / Transport / Network / Datalink / Physical; the path messages take runs down the sender's stack, across the network, and up the receiver's stack.

  8. OSI Layers • Application: communication partners, QoS identified • Presentation: semantics, encryption, compression (gateways) • Session: establishes, manages, terminates sessions • Transport: sequencing, flow/error control, name/address resolution • Network: routing, network addresses (routers) • Datalink: MAC address, low-level error control (bridges) • Physical: encoding/decoding digital bits, interface card

  9. TCP/IP (diagram): Alice and Bob each run Application, Transport Layer and Network Layer; the Router between them operates only at the Network Layer.

  10. TCP/IP: The Protocols and the OSI Model • Application / Presentation / Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP, RIP, RTP, RTCP • Transport: Transmission Control Protocol, User Datagram Protocol • Network: Internet Protocol, OSPF, ICMP, IGMP • Network / Datalink: ARP • Datalink / Physical: Ethernet, Token Bus, Token Ring, FDDI

  11. Data Encapsulation by Layer (diagram): Application data → TCP Header + Data (TCP Datagram) → Network Packet → Data Link Frame; the destination opens the envelopes layer-by-layer.

  12. Transmission Control Protocol (TCP) • Traditional TCP/IP Security: None • No authenticity, confidentiality, or integrity • Implemented & expanding: IPSec • Workhorse of the internet • FTP, telnet, ssh, email, http, etc. • The protocol responsible for the reliable transmission and reception of data. • Unreliable service is provided by UDP. • Transport layer protocol. • Can run multiple applications using the same transport. • Multiplex through port numbers

  13. TCP Fields (header diagram): Source port, Destination port, Sequence number, Acknowledgment number, Data offset, Reserved, flag bits (URG, ACK, PSH, RST, SYN, FIN), Window, Checksum, Urgent pointer, Options, Padding, data
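  The fields on this slide, decoded from raw bytes. This is an added example written for these notes, not code from the presentation; the sample headers are constructed with the helper below, not captured traffic, and the checksum is left at zero.

```python
import struct

# Flag bits in the low byte of the 16-bit offset/reserved/flags word, in the
# order the slide lists them: URG ACK PSH RST SYN FIN.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_tcp_header(sport, dport, seq, ack, flags, window=65535, options=b""):
    """Build a 20-byte TCP header (plus padded options) for constructing samples."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    data_offset_words = 5 + len(options) // 4          # header length in 32-bit words
    flag_word = (data_offset_words << 12) | sum(FLAG_BITS[f] for f in flags)
    # Checksum and urgent pointer are zero in these constructed samples.
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, flag_word, window, 0, 0) + options

def parse_tcp_header(segment):
    """Decode the fixed TCP header fields, the flag bits, and any options."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4                # convert words to bytes
    if data_offset < 20 or data_offset > len(segment):
        # A data offset pointing outside the segment is malformed; reject rather than guess.
        raise ValueError("data offset %d bytes is inconsistent with segment length %d" % (data_offset, len(segment)))
    return {
        "src_port": sport, "dst_port": dport,
        "seq": seq, "ack": ack,
        "data_offset": data_offset,
        "flags": [name for name, bit in FLAG_BITS.items() if off_flags & bit],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:data_offset],            # empty when data_offset == 20
        "payload": segment[data_offset:],
    }

# Constructed samples: a bare SYN from an ephemeral port to port 80, and the SYN-ACK answering it.
SAMPLE_SYN = build_tcp_header(49152, 80, 1000, 0, ["SYN"])
SAMPLE_SYN_ACK = build_tcp_header(80, 49152, 5000, 1001, ["SYN", "ACK"])

if __name__ == "__main__":
    for name, sample in (("SYN", SAMPLE_SYN), ("SYN-ACK", SAMPLE_SYN_ACK)):
        print(name, parse_tcp_header(sample))
```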

  14. TCP Connection Establishment • Alice to Bob: SYN with Initial Sequence Number-a • Bob to Alice: ACK ISN-a with ISN-b • Alice to Bob: ACK ISN-b • Connection Established

  15. User Datagram Protocol (UDP) (header diagram: Source Port, Destination Port, Message Length, Checksum, Data …) • Connectionless • Does not retransmit lost packets • Does not order packets • Inherently unreliable • Mainly tasks where speed is essential • Streaming audio and video • DNS

  16. ICMP: network plumber

  17. Ports “Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".” • Source port • Destination port • Logical connection • Privileged – unprivileged ports

  18. Network Address Translation (NAT) • Illegal Addresses • Unroutable addresses: 10.0.0.0 192.168.0.0 • Limited address space in IP V4 • NAT maps bad to valid addresses • Mapping to single external address • One-to-One mapping • Dynamically allocated addresses (diagram: internal host 10.0.0.5 behind a Router whose external address is 12.13.4.5)

  19. Logical Structure of the Internet Protocol Suite (diagram): SNMP, FTP, TFTP, TELNET, DNS, HTTP at the top; below them User Datagram Protocol (Connectionless) and Transmission Control Protocol (Connection Oriented); then IP (ICMP, IGMP) with Internet Addressing, alongside ARP and RARP; Physical Layer at the bottom.

  20. Address Resolution Protocol (ARP) Maps IP addresses to MAC addresses When host initializes on local network: • ARP broadcast : IP and MAC address • If duplicate IP address, TCP/IP fails to initialize Address Resolution Process on Local Network • Is IP address on local network? • ARP cache • ARP request • ARP reply • ARP cache update on both machines

  21. ARP Operation (diagram): a station broadcasts an ARP Request, “Give me the MAC address of station 129.1.1.4”; stations that do not hold that address, such as B (129.1.1.1), answer “Not me” and ignore the request; station C (129.1.1.4) says “That’s me”, accepts the request and sends an ARP Response, “Here is my MAC address”.

  22. Address Resolution on Remote Network • IP address determined to be remote • ARP resolves the address of each router on the way • Router uses ARP to forward packet Router Network B Network A

  23. Reverse Address Resolution Protocol (RARP) (diagram: a Diskless Workstation broadcasts a RARP Request, “Give me my IP address”; stations B and C ignore the request; the RARP Server accepts it and sends a RARP Response, 129.1.1.1) • Same packet type used as ARP • Only works on local subnets • Used for diskless workstations

  24. The Internet Protocol (IP) • IP’s main function is to provide for the interconnection of subnetworks to form an internet in order to pass data. • The functions provided by IP are: • Addressing • Routing • Fragmentation of datagrams

  25. Host Name Resolution Standard Resolution • Checks local name • Local HOSTS file • DNS server Windows NT Specific Resolution • NetBIOS cache • WINS server • b-node broadcasts • LMHOSTS file (NetBIOS name)

  26. Routing Packets • Process of moving a packet from one network to another toward its destination • RIP, OSPF, BGP • Dynamic routing • Static routing • Source routing

  27. Static Routing Tables • Every host maintains a routing table • Use the “route” command in Linux and Windows • Each row (or “entry”) in the routing table has the following columns: • (1) destination address and (2) mask • (3) gateway [i.e., the IP address of the host’s gateway/router] • (4) interface [i.e., the IP address of a host interface] • (5) metric [indicates the “cost” of the route, smaller is better] • When the host wants to send a packet to a destination, it looks in the routing table to find out how • Each OS handles routing somewhat differently
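  A host-side lookup over a routing table with the five columns from this slide. This is an added example, not code from the presentation or from any OS; the table is constructed for a host at 192.168.1.20 and the selection rule (longest matching prefix, then lowest metric) is the common one, which the slide does not spell out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    destination: str   # (1) destination address
    mask: str          # (2) mask
    gateway: str       # (3) gateway: the next-hop router, or the host's own address for on-link routes
    interface: str     # (4) IP address of the local interface
    metric: int        # (5) cost of the route; smaller is better

    @property
    def network(self):
        return ipaddress.IPv4Network((self.destination, self.mask))

# Constructed sample table for a host at 192.168.1.20; not taken from any real system.
SAMPLE_TABLE = [
    Route("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.20", 10),          # default route
    Route("192.168.1.0", "255.255.255.0", "192.168.1.20", "192.168.1.20", 1),  # directly attached LAN
    Route("10.0.0.0", "255.0.0.0", "192.168.1.254", "192.168.1.20", 20),
    Route("10.1.0.0", "255.255.0.0", "192.168.1.253", "192.168.1.20", 30),   # two routes to 10.1/16 ...
    Route("10.1.0.0", "255.255.0.0", "192.168.1.252", "192.168.1.20", 5),    # ... the metric breaks the tie
]

def lookup(table, dst):
    """Return the Route a host uses for dst: longest prefix first, then lowest metric; None if unroutable."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for route in table:
        net = route.network
        if addr not in net:
            continue
        if best is None:
            best = route
        elif net.prefixlen > best.network.prefixlen:
            best = route                                   # more specific mask wins
        elif net.prefixlen == best.network.prefixlen and route.metric < best.metric:
            best = route                                   # same mask: cheaper route wins
    return best

def next_hop(table, dst):
    """Gateway address the packet is handed to, or None when the table has no matching row."""
    route = lookup(table, dst)
    return route.gateway if route else None

if __name__ == "__main__":
    for dst in ("192.168.1.77", "10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", next_hop(SAMPLE_TABLE, dst))
```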

  28. LAN Technologies • Ethernet: CSMA/CD, occasionally heavy traffic, BUS topology • ARCnet: token passing, STAR topology • Token Ring: active monitor, IBM, RING topology • FDDI: token passing, fast, long distance, predictable, expensive • Media & Vulnerabilities • Attenuation, Crosstalk, Noise • Coax: cable failure & length limits • Twisted Pair (Cat 1-7): bending cable, crosstalk, Noise • Fiber-Optic: cost, high level of expertise required to install • Wireless: later

  29. Coaxial Cable • Two types • ThinNet (10Base2) • 10 Mbps, 30 nodes per segment, max 180 meters • LAN • ThickNet (10Base5) • 10 Mbps, 100 nodes per segment, max 500 meters • Backbone • Insecure • Coax is easy to splice

  30. Twisted Pair Copper Cable • Copper wire • Twist reduces EMI • Classified by transmission rates • Cat3, Cat5, Cat5e, Cat6

  31. Fiber-Optic Cable • Glass core with plastic shielding • Small, light, fragile, and expensive • Very fast transmission rate • Can transmit data very far • Immune to interference • Hard to splice

  32. Security Concerns • Easy to insert a node or splice into network • Most attacks involve eavesdropping or sniffing • Physical security • War driving

  33. Network Topologies • BUS • Ethernet • RING • Unidirectional • FDDI, Token Ring • STAR • Logical BUS tends to be implemented as physical Star • TREE • Basically a complicated BUS topology • MESH • Multiple computer to computer connections

  34. Hubs & Switches • Hub: • broadcasts information received on one interface to all other physical interfaces • Switch: • does not broadcast • Uses MAC address to determine correct interface

  35. Unswitched Devices • “Dumb” Devices (forward all packets) • Layer 1 = Hub, Repeater (technically, a hub passes signals without regenerating them) • Layer 2 = Bridge: connects different types of LANs (e.g., Ethernet and ATM, but not Token Ring if you’re lucky) • “Intelligent” Devices (decide whether to forward packets) • Layer 3 = Router: uses routing table to make decisions; improved performance and security • Layer 2/3 = Bridge/Router

  36. Switches • Layer 2 = data link layer (MAC address) = + over hubs/repeaters • Systems only see traffic they are supposed to see • Unswitched versus switched (full duplex) 10 and 100 mb Ethernet =40% of bandwidth versus 95%+ (no collisions) • Layer 3 = network layer (IP address) = + over routers • Routers moved to periphery • Virtual LANs (VLANs) become viable • Layer 4 = transport layer (TCP/UDP/ICMP headers) = + over L3 • Firewall functionality (i.e., packet filtering) • Significantly more expensive • Layer 5 = session layer and above (URLs) = + over L4 for clusters • Application proxy functionality (but MUCH faster than proxies) • Special function, cutting-edge = significant specific performance gains • 1999/2000: researchers (from IBM & Lucent) designed a layer 5 switch as front-end to a load-balanced 3-node cluster running AIX and Apache: • 220% performance increase due to content partitioning • 600% performance increase due to SSL session reuse

  37. Firewalls • Control the flow of traffic between networks • Internal, External, Server, Client Firewalls • Traditional Packet filters • Stateful Packet filters • Proxy-based Firewalls

  38. Traditional Packet Filters • Analyses each packet to determine drop or pass • SourceIP, DestinationIP, SrcPort, DestPort, Codebits, Protocol, Interface • Very limited view of traffic

  39. Stateful Packet Filters • Adds memory of previous packets to traditional packet filters • When packet part of initial connection (SYN) it is remembered • Other packets analyzed according to previous connections
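  The difference between slides 38 and 39, with the filter tracking the three handshake messages from slide 14. This is an added example, not code from the presentation; the hosts, ports and packets are constructed, and the policy (inside hosts may open TCP connections to port 80) is an assumption chosen for the illustration.

```python
from collections import namedtuple

# A packet as the filter sees it: addresses, ports, the slide's flag names, and the
# interface it arrived on. Every packet used here is constructed, not captured.
Packet = namedtuple("Packet", "src dst sport dport flags iface")

INSIDE_HOST = "192.168.1.10"    # "Alice", on the trusted side
WEB_SERVER = "203.0.113.80"     # "Bob", outside (documentation range, constructed)

def traditional_filter(pkt):
    """Slide 38: each packet is judged alone on addresses, ports, code bits and interface."""
    if pkt.iface == "inside" and pkt.dport == 80:
        return True                      # outbound web requests
    if pkt.iface == "outside" and pkt.sport == 80:
        return True                      # needed for replies, but it also admits unsolicited packets
    return False

class StatefulFilter:
    """Slide 39: remembers connections from their SYN onward and admits only packets that fit one."""
    def __init__(self):
        self.connections = {}            # (inside ip, inside port, outside ip, outside port) -> state

    @staticmethod
    def _key(pkt):
        if pkt.iface == "inside":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def allow(self, pkt):
        key, flags = self._key(pkt), set(pkt.flags)
        state = self.connections.get(key)
        if state is None:
            # Only an inside host may open a connection, and only with a bare SYN to port 80.
            if pkt.iface == "inside" and flags == {"SYN"} and pkt.dport == 80:
                self.connections[key] = "SYN_SENT"       # Alice -> Bob: SYN with ISN-a
                return True
            return False
        if state == "SYN_SENT" and pkt.iface == "outside" and flags == {"SYN", "ACK"}:
            self.connections[key] = "SYN_RECEIVED"       # Bob -> Alice: ACK ISN-a with ISN-b
            return True
        if state == "SYN_RECEIVED" and pkt.iface == "inside" and "ACK" in flags:
            self.connections[key] = "ESTABLISHED"        # Alice -> Bob: ACK ISN-b
            return True
        if state == "ESTABLISHED":
            if "RST" in flags:
                del self.connections[key]                # teardown simplified to RST only
            return True
        return False                                     # packet does not fit the remembered state
```

A SYN-ACK arriving from outside for a port no inside host opened passes the traditional filter (source port 80) but is dropped by the stateful one, which has no connection to match it against.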

  40. Proxy-based (Application) Firewalls • Focus on application to application • Can approve: • By user • By application • By source or destination • Mom calls, wife answers, etc.

  41. Firewall Architectures • Packet-Filtering Routers • Oldest type, sits between “trusted” & “untrusted” networks • Screened-Host Firewalls • Between a trusted network host and untrusted network • Dual-Homed Host Firewalls • Two NICs, IP forwarding, NAT translation • Screened-Subnet Firewalls • Two screening routers on each side of bastion host • DMZ

  42. Security • Encryption: Symmetric vs Asymmetric, hash codes • Application Layer • PGP, GnuPG, S/MIME, SSH • Session Layer: Secure Socket Layer (SSL) • Digital certificates to authenticate systems and distribute encryption keys • Transport Layer Security (TLS) • Network-IP Layer Security (IPSec) • AH: digital signatures • ESP: confidentiality, authentication of data source, integrity

  43. IPSec Authentication Header (AH)

  44. IPSec: Encapsulating Security Payload (ESP)

  45. Introduction to the TCP/IP Standard Applications • DHCP–Provides for management of IP parameters. • TELNET–Provides remote terminal emulation. • FTP–Provides a file transfer protocol. • TFTP–Provides for a simple file transfer protocol. • SSH–Encrypted remote terminal & file transfer • SMTP–Provides a mail service. • DNS–Provides for a name service.

  46. DHCP Operation (diagram): the DHCP Client broadcasts DHCP Discover (to FFFFFF); DHCP Server A and DHCP Server B each answer with an Offer (IP addr); the client sends DHCP Request naming server A; DHCP Server A replies with ACK.

  47. TELNET (diagram): a Host running a TELNET client connected to TELNET servers.

  48. File Transfer Protocol (FTP) (diagram): Client and Host Storage; TFTP uses UDP.

  49. Simple Mail Transfer Protocol (SMTP) • Basic RFCs 821, 822, 974. • Very fast and capable of delivery guarantee depending on client & server. • Primary protocols used for today’s email: • SMTP–operates over TCP, used primarily as send protocol • POP–operates over TCP, basic receive protocol • IMAP–allows remote storage • Exchange–calendar, contacts, storage, news • http–web interface • Problems: • Phishing, viruses, no built-in protection against “stupidity” • Client software glitches

  50. Post Office Protocol (POP) • SMTP is set up to send and receive mail by hosts that are up full time. • No rules for those hosts that are intermittent on the LAN • POP emulates you as a host on the network. • It receives SMTP mail for you to retrieve later • POP accounts are set up for you by an ISP or your company. • POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account.
