1 / 15

TCP/IP - Security Perspective Upper Layers

TCP/IP - Security Perspective Upper Layers. CS-431 Dick Steflik. Application Layer Protocols. Messaging Protocols SMTP, POP, MIME, IMAP, IM Telephony H.323, SIP (used with VoIP) RPC Based Protocols NIS, NFS, Andrew File Transfer Protocols TFTP, FTP, SMB Remote Login

lihua
Télécharger la présentation

TCP/IP - Security Perspective Upper Layers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TCP/IP - Security PerspectiveUpper Layers CS-431 Dick Steflik

  2. Application Layer Protocols • Messaging Protocols • SMTP, POP, MIME, IMAP, IM • Telephony • H.323, SIP (used with VoIP) • RPC Based Protocols • NIS, NFS, Andrew • File Transfer Protocols • TFTP, FTP, SMB • Remote Login • Telnet, rlogin, Ssh, • Information Services • Finger, whois, LDAP, WWW,NNTP • Proprietary Protocols • RealAudio, SQL’Net, VNC

  3. SMTP • Biggest problem is figuring out who a piece of mail is really from • Must use a higher level mechanism for trust or privacy • Most SMTP clients use sendmail which has been a constant source of security problems for years

  4. MIME • MIME headers could be hand crafted by hacker to overwrite data • MIME fragmentation could subvert virus checkers ability to detevt embedded virus’ • Mailing of executable programs

  5. POP • Pretty insecure • Passwords not secure, sent as clear text • Exchanges are done as clear text • Can be done over SSL/TLS • Some UNIX systems POP runs as root until user is authenticated and then switches to that userid, never good to have servers running as root (many sysadmins set up to run servers as nobody)

  6. IMAP • Authentication is better than in POP but still not great (shared secret) • Complex protocol, leaves many possibilities for hackers to try to subvert the protocol • Not as popular as POP • Used more on intranets than the internet

  7. IM • Very popular on the Internet but very dangerous on intranets connected to the internet due to employees inadvertently leaking private data onto the public media. • Use commercial systems if needed on an intranet, possibly with encryption

  8. RPC & Rpcbind • Developed by Sun Microsystems • Popular way of implementing distributed computing • Authentication is weak, some versions used Kerberos based some use DES based shared session keys • Rpcbind will advertise all registered services and allow them to be unregistered (by a wiley hacker) • Rpcbind calls can be indirectly forwarded making verification of source hard to determine

  9. NIS (Network Information Service) • Used to distribute certain databases • Password files • Hosts file • Public and private key databases • Never run NIS on exposed (to the internet) machines • Configuration is very important.

  10. NFS (Network File System) • RPC and UDP based • Pools unused storage on distributed machines into a virtual hard disk (rpcbind provides addressing information) • Port 2049 (normally) • Same problems as other RPC based systems

  11. AFS (Andrew File System) • Developed by Carnagie-Mellon, takenover by IBM • Same goal as NFS, global disk pooling for an organization • Kerberos based authentication • More secure than NFS (but is a product and must be purchased ($))

  12. TFTP (Trivial FTP) • Simple UDP based protocol • No authentication • Used to update flash memories in many appliance type devices and mother boards • Also used in booting routers, diskless workstations and X11 terminals • Should only be run locally, never expose to internet as a fast version of FTP

  13. FTP • Command channel uses telnet, so same problems as telnet • Port command often used as a source of attacks • Anonymous FTP is very common, make sure that files owned or writeable by the FTP login are in the anonymous area • Avoid any system type files in the anonymous area • Place FTP servers supporting anonymous areas in your protected DMZ don’t expose internal FTP servers to the Internet • Better to use SSH based file transfer programs

  14. Telnet • Though commonly used better to have users use Ssh • Most UNIX/Linux machines have SSH built in to the OS distribution, no reason not to use • Use telnet on intranet not on Internet

  15. SSH • Designed to replace rlogin, rdist, rsh, rcp • Custom designed protocol but includes encryption • IETF currently working on standardization • Can safely tunnel X11 or arbitrary TCP ports • Commercial and Open versions • OpenSSH on most Linux • Putty is a free windows client • Can tunnel other protocols through a firewall

More Related