
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011




  1. Dr. Bhavani Thuraisingham, The University of Texas at Dallas (UTD), June 2011. Telecommunications and Network Security

  2. Domain Agenda • Networks • Network Security • Physical • Data Link • Network • Transport • Session • Presentation • Application • Telephony • Services

  3. OSI Model • The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization. • It is a way of sub-dividing a communications system into smaller parts called layers. A layer is a collection of conceptually similar functions that provide services to the layer above it and receives services from the layer below it. • On each layer an instance provides services to the instances at the layer above and requests service from the layer below.

  4. OSI Reference Model • Layer 7: Application • Layer 6: Presentation • Layer 5: Session • Layer 4: Transport • Layer 3: Network • Layer 2: Data Link • Layer 1: Physical

  5. TCP/IP • In the TCP/IP model of the Internet, protocols are not as rigidly designed into strict layers as in the OSI model. • TCP/IP does recognize four broad layers of functionality, derived from the operating scope of their contained protocols: the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network. • The Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer is a subset of the OSI Network Layer, while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer.

  6. Network Security • Issues and Concerns • Non-repudiation • Redundancy • Risks • Network is the key asset in many organizations • Network Attacks • Attacks • Network as a channel for attacks • Network as the target of attack

  7. Network Security • Defense in Depth • Series of hurdles • Collection of controls • Security controls: • Are built around social, organizational, procedural and technical activities • Will be based on the organization’s security policy • Security Objectives and Attacks • Business risk vs. Security solutions • Attack scenarios • Network entry point • Inbound vs. Outbound attacks • Methodology of Attack • Attack trees • Path of least resistance

  8. Target Related Issues • Acquisition • Attacks start by gathering intelligence • Controls • Limit information on a network; Distract an attacker • Analysis • Analyze target for security weaknesses • Access • Obtain access to the system • Manage user privileges • Monitor access • Target Appropriation • Escalation of privileges • Attacker may seek sustained control of the system • Controls against privilege escalation

  9. Network Security Tools • Tools automate the attack processes • Network security is more than just technical implementations • Scanners • Discovery scanning • Compliance scanning • Vulnerability scanning

  10. Layer 1: Physical Layer • Bits are converted into signals • All signal processing is handled here • Physical topologies

  11. Communication Technology • Analog Communication • Analog signals use frequency and amplitude • Transmitted on wires or with wireless devices • Digital communications • Uses discrete electronic states • Can be transmitted over most media • Integrity of digital communication is easier to maintain and verify • Digital communication brings quantitative and qualitative enhancements

  12. Network Topology • Even small networks are complex • Network topology and layout affect scalability and security • Wireless networks also have a topology • Ring Topology • Closed-loop topology • Advantages • Deterministic • Disadvantages • Single point of failure

  13. Network Topology • Bus Topology • LAN with a central cable to which all nodes connect • Advantages • Scalable; Permits node failure • Disadvantages • Bus failure • Tree Topology • Devices connect to a branch on the network • Advantages • Scalable; Permits node failure • Disadvantages • Failures split the network

  14. Network Topology • Mesh Topology • Every node in the network is connected to every other node • Advantages • Redundancy • Disadvantages • Expensive; Complex; Scalability • Star Topology • All of the nodes connect to a central device • Advantages • Permits node/cable failure; Scalable • Disadvantages • Single point of failure (the central device)

  15. Cable Selection Considerations • Throughput • Distance between devices • Data sensitivity • Environment • Twisted Pair • One of the simplest and cheapest cabling technologies • Unshielded (UTP) or shielded (STP)

  16. Unshielded Twisted Pair (UTP)

  17. Coaxial Cable (Coax) • Conducting wire is thicker than twisted pair • Bandwidth • Length • Expensive and physically stiff

  18. Fiber Optics • Three components • Light source • Optical fiber cable (two types) • Light detector • Advantages • Disadvantages

  19. Wireless Transmission Technologies • 802.11 – WLAN • 802.16 – WMAN, WiMAX • Satellite • Bluetooth • IrDA • Microwave • Optical

  20. Wireless Multiplexing Technologies

  21. Physical Layer: Equipment Agenda • Patch panel • Modem • Cable modem • Digital subscriber line • Hub and repeater • Wireless access points

  22. Physical Layer: Equipment Agenda • Patch Panels • Provide a physical cross-connect point for devices • Alternative to directly connecting devices • Centralized management • Modem • Convert a digital signal to analog • Provide little security • War dialing • Unauthorized modems

  23. Physical Layer: Equipment Agenda • Cable Modem • PC's Ethernet NIC connects to a cable modem • Modem and head-end exchange cryptographic keys • Cable modems increase the need to observe good security practices (the cable segment is shared with other subscribers) • Digital Subscriber Line • Use CAT-3 cables and the local loop • Asymmetric Digital Subscriber Line (ADSL) • Rate-Adaptive DSL (RADSL) • Symmetric Digital Subscriber Line (SDSL) • Very high bit rate DSL (VDSL)

  24. Physical Layer: Equipment Agenda • Hubs • Used to implement a physical star/logical bus topology • A hub repeats every frame out of every port, so all devices can read and potentially modify the traffic of other devices • Repeaters • Allow greater distances between devices • Wireless Access Points (WAPs) • Access Point (AP) • Multiple Input Multiple Output (MIMO)

  25. Standard Connections • Types of connectors • RJ-11 • RJ-45 • BNC • RS-232 • Cabling standards • TIA/EIA-568

  26. Physical Layer Threats and Controls • Attacking • Wire • Wireless • Equipment: Modems • Controls • Wire • Shielding • Conduit • Faraday cage • Wireless • Encryption • Authentication • Equipment • Locked doors and cabinets

  27. Layer 2: Data Link Layer • Connects layers 1 and 3 • Converts data from a signal into a frame • Transmits frames to devices • Link-layer encryption • Determines network transmission format

  28. Synchronous/Asynchronous Communications • Synchronous • Timing mechanism synchronizes data transmission • Robust error checking • Practical for high-speed, high-volume data • Asynchronous • Clocking mechanism is not used • Surrounds each byte with bits that mark the beginning and end of transmission

  29. Unicast, Multicast and Broadcast Transmissions • Multicasts • Broadcasts • Do not use reliable sessions • Unicast

  30. Unicast – Point-to-Point • ISDN (Integrated Services Digital Network) • T’s (T Carriers) • E’s (E Carriers) • OC’s (Optical Carriers)

  31. Integrated Service Digital Network (ISDN)

  32. “T” Carrier

  33. “E” Carrier

  34. “OC” Optical Carrier STS

  35. Circuit-switched vs. Packet-switched Networks • Circuit-switched • Dedicated circuit between endpoints • Endpoints have exclusive use of the circuit and its bandwidth • Packet-switched • Data is divided into packets and transmitted on a shared network • Each packet can be independently routed on the network • Switched vs. Permanent Virtual Circuits • Permanent Virtual Circuits (PVC) • Switched Virtual Circuits (SVC)

  36. Carrier Sense Multiple Access • Only one device may transmit at a time • There are two variations • Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) • Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

  37. Polling to Avoid Contention • Slave device needs permission from a master device • Used mostly in mainframe protocols • Optional function of the IEEE 802.11 standard

  38. Token Passing • A token is a special frame that circulates through the ring • Device must possess the token to transmit • Token passing is used in Token Ring (IEEE 802.5) and FDDI

  39. Bridges and Switches • Bridges • Layer 2 devices that filter traffic between segments based on MAC addresses • Can connect LANs with unlike media types • Simple bridges do not reformat frames • Switches • Multi-port devices to connect LAN hosts • Forward a frame only to the port on which its destination MAC address was learned • Increasingly sophisticated • Also forward broadcasts (and frames to unknown destinations) out of all ports

  40. Multiplexer/Demultiplexer • Combining or splitting signals • Technologies • TDM – Time • FDM – Frequency • WDM – Wave

  41. Wireless Local Area Networks • Allow mobile users to remain connected • Extend LANs beyond physical boundaries

  42. Wireless Standards: IEEE 802 • 802.11b • 802.11a • 802.11g • 802.11n / Multiple Input Multiple Output • 802.11i / Security • 802.16 / WiMAX • 802.15 / Bluetooth • 802.1X / Port-based network access control

  43. Ethernet (IEEE 802.3) • Most popular LAN architecture • Supports bus, star, and point-to-point topologies • Currently supports speeds up to 10,000 Mbps (10 Gbps)

  44. Protocols • Address Resolution Protocol (ARP) • ARP (RFC 826) • RARP (RFC 903) • ARP Cache Poisoning: ARP has no authentication, so any host on the segment can send a forged reply that rebinds another host's IP address to the attacker's MAC address • Point-to-Point Protocol (PPP) • RFC 1331 (since obsoleted by RFC 1661) • Encapsulation • Link Control Protocol (LCP) • Network Control Protocols • Password Authentication Protocol (PAP) • Identification and authentication of remote entity • Uses a clear text, reusable (static) password • Supported by most network devices
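The ARP cache poisoning bullet above is the kind of thing a practitioner wants to see on the wire. The following is an added example, not code from the presentation: it builds and parses raw RFC 826 ARP bodies with the standard library and runs a small segment watcher over constructed traffic (a host resolving its gateway, the gateway answering, then an attacker answering for the gateway's IP). The addresses, the `ArpWatch` class and its two heuristics (reply with no matching request, and a changed IP-to-MAC binding) are assumptions made for illustration; a real deployment would feed it frames from a capture interface.

```python
import struct

# Ethernet/IPv4 ARP body (RFC 826): htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes, follows the 14-byte Ethernet header
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build the 28-byte ARP body exactly as it appears on the wire."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(pkt: bytes) -> dict:
    """Parse an Ethernet/IPv4 ARP body; rejects truncated or non-Ethernet/IPv4 packets."""
    if len(pkt) < ARP_LEN:
        raise ValueError("ARP body truncated")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpWatch:
    """Learns IP-to-MAC bindings seen on one segment and flags poisoning symptoms."""

    def __init__(self):
        self.bindings = {}        # ip -> mac learned from sender fields
        self.outstanding = set()  # ips that were asked for but not yet answered

    def observe(self, pkt: bytes) -> list:
        a = parse_arp(pkt)
        alerts = []
        if a["op"] == ARP_REQUEST:
            self.outstanding.add(a["target_ip"])
        elif a["op"] == ARP_REPLY:
            # A reply nobody asked for is the classic poisoning pattern. Caveat: legitimate
            # gratuitous ARP (DHCP clients, failover pairs) trips this too, so tune per segment.
            if a["sender_ip"] in self.outstanding:
                self.outstanding.discard(a["sender_ip"])
            else:
                alerts.append(f"unsolicited ARP reply: {a['sender_ip']} is-at {a['sender_mac']}")
        # Whatever the opcode, the sender fields assert a binding; remember it and watch for flips.
        known = self.bindings.get(a["sender_ip"])
        if known is None:
            self.bindings[a["sender_ip"]] = a["sender_mac"]
        elif known != a["sender_mac"]:
            alerts.append(f"binding changed: {a['sender_ip']} was {known}, now {a['sender_mac']}")
            self.bindings[a["sender_ip"]] = a["sender_mac"]
        return alerts


# Constructed sample traffic (addresses are made up for the example).
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:55"
HOST_IP, HOST_MAC = "10.0.0.10", "00:aa:bb:cc:dd:ee"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_TRAFFIC = [
    build_arp(ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),  # who has 10.0.0.1?
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),            # legitimate answer
    build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),           # poisoned answer
]


def run_sample() -> list:
    """Feed the constructed traffic through the watcher and return every alert raised."""
    watch = ArpWatch()
    alerts = []
    for pkt in SAMPLE_TRAFFIC:
        alerts.extend(watch.observe(pkt))
    return alerts


if __name__ == "__main__":
    for line in run_sample():
        print("ALERT", line)
```

The third packet raises two alerts: it answers a question nobody asked, and it rebinds 10.0.0.1 away from the gateway's MAC. Static ARP entries or switch features such as dynamic ARP inspection are the preventive controls; this watcher is only the detective one.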

  45. Challenge Handshake Authentication Protocol • CHAP • Periodically re-validates users • Authenticator must store each secret in recoverable (cleartext-equivalent) form • Password itself is never sent; the peer returns a one-way hash (MD5) of the identifier, the secret and the challenge • CHAP Process • MSCHAP • The Nonce (challenge value): must be unique and unpredictable so a captured response cannot be replayed

  46. Extensible Authentication Protocol (EAP) • Provides a framework that carries other authentication methods rather than being one method itself • EAP-TLS (Transport Layer Security) • Wireless (802.11i) authentication relies on EAP • PEAP (Protected EAP)

  47. Link Layer Threats • Confidentiality • Sniffing for reconnaissance • Offline brute force • Unapproved wireless • Integrity • Modify packets • Man-in-the-middle • Force weaker authentication • Availability • Denial of service • War driving • Transition from wireless to wired
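Slide 45 describes the CHAP challenge/response and slide 47 lists sniffing and offline brute force as link-layer threats; one example covers both. This is an added example, not code from the presentation: it implements the RFC 1994 MD5 CHAP computation on both sides, records every packet as a sniffer on the link would see it, shows that a replayed response is rejected because each challenge is consumed once, and then runs the offline dictionary attack an eavesdropper can mount against the captured identifier, challenge and response. The peer name, the shared secret and the word list are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side of CHAP. It has to keep every peer's secret in recoverable form
    (not a salted one-way hash), which is the unencrypted-database caveat on slide 45."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # peer name -> shared secret
        self.identifier = 0
        self.outstanding = {}       # identifier -> challenge still awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF
        nonce = os.urandom(16)      # the Challenge value: unique and unpredictable
        self.outstanding[self.identifier] = nonce
        return self.identifier, nonce

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        # A challenge is consumed on first use, so a replayed Response packet fails.
        nonce = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if nonce is None or secret is None:
            return False
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: proves knowledge of the secret without ever transmitting it."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        return self.name, chap_response(identifier, self.secret, challenge)


def chap_exchange(auth: Authenticator, peer: Peer, wire: list) -> bool:
    """One Challenge/Response round; every packet is also appended to `wire`,
    standing in for what a sniffer on the link captures."""
    identifier, challenge = auth.challenge()
    wire.append(("Challenge", identifier, challenge))
    name, response = peer.respond(identifier, challenge)
    wire.append(("Response", identifier, name, response))
    return auth.verify(identifier, name, response)


def offline_bruteforce(wire: list, candidates: list) -> Optional[bytes]:
    """Slide 47's offline brute force: with Identifier, Challenge and Response captured,
    secrets are guessed locally, with no further packets sent to the authenticator."""
    challenge = next(p[2] for p in wire if p[0] == "Challenge")
    identifier, response = next((p[1], p[3]) for p in wire if p[0] == "Response")
    for guess in candidates:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


# Constructed demo data; the name, secret and word list are illustrative only.
SECRET = b"letmein"
WORDLIST = [b"password", b"123456", b"letmein", b"qwerty"]


def run_demo() -> dict:
    auth = Authenticator({"alice": SECRET})
    wire = []
    authenticated = chap_exchange(auth, Peer("alice", SECRET), wire)
    # Replay: resend the captured Response packet verbatim.
    _, identifier, name, response = next(p for p in wire if p[0] == "Response")
    replay_accepted = auth.verify(identifier, name, response)
    wrong_accepted = chap_exchange(auth, Peer("alice", b"wrong"), [])
    return {"authenticated": authenticated, "replay_accepted": replay_accepted,
            "wrong_secret_accepted": wrong_accepted,
            "recovered_by_bruteforce": offline_bruteforce(wire, WORDLIST)}


if __name__ == "__main__":
    print(run_demo())
```

The nonce defeats replay, but it does nothing against a weak secret: everything needed to test guesses is on the wire, which is why CHAP over an untrusted link should be wrapped in a tunnel (EAP-TTLS/PEAP on the next slides) or paired with a secret long enough that the dictionary attack is hopeless.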

  48. Wired and Wireless Link-Layer Controls • Encryption • PPP Encryption Control Protocol (ECP) • Authentication • PAP • CHAP • EAP • Tunneling • EAP-TTLS • Radio frequency management

  49. Wireless Encryption Summary

  50. Metropolitan Area Network (MAN) • Optimized for a city-sized area • Uses wireless infrastructure, fiber optics or Ethernet to connect sites together • Still needs security • Switched Multi-megabit Data Service (SMDS) • SONET/SDH
