1 / 28

Survey of Information Assurance

Survey of Information Assurance. Review of TCP/IP. Agenda. Brief review of TCP/IP Protocol stack and TCP/IP hierarchal model Detailed discussion of Transport Control Protocol Detailed discussion of Internet Protocol Discussion on limitations of TCP/IP and possible solutions.

zahina
Télécharger la présentation

Survey of Information Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Survey of Information Assurance Review of TCP/IP

  2. Agenda • Brief review of TCP/IP Protocol stack and TCP/IP hierarchal model • Detailed discussion of Transport Control Protocol • Detailed discussion of Internet Protocol • Discussion on limitations of TCP/IP and possible solutions.

  3. Scope of Discussions The following are not covered in today’s presentation: Implementation details/flaws of TCP/IP protocol stack for generic or specific systems Detailed discussion on EACH of protocols treated as a part of TCP/IP Protocol Suite Detailed discussion on earlier versions Detailed discussion on IPv6

  4. Introduction to TCP/IP • History • Origin of the term “IPv4” • Standards: RFC 793 – TCP and RFC 791 – IP • Extensions: IPv6 • Deployment: Worldwide!!! • Functionality Supported: • Connection oriented data delivery • Fragmentation Support • Addressing and Routing • Congestion Control etc.

  5. TCP/IP Model vs. OSI Model REF: http://www.trainsignaltraining.com/wpnew/wp-content/uploads/2007/10/TCP__OSI___Stelios/1_TCPIP_and_OSI_models.jpg

  6. REF: http://www.trainsignaltraining.com/wpnew/wp-content/uploads/2007/10/TCP__OSI___Stelios/2_TCPIP_Protocol_Suite.jpg

  7. TCP • Standards: RFC 793 – TCP • Later Versions: NONE!!! • Alternative technologies: UDP • History:  Advanced Research projects Agency (ARPA) Research. • Provides following services:  Network Technology Independence  Universal interconnection  Reliable Stream Transport Service  Congestion Control  End-to-end Acknowledgement

  8. TCP Header REF: http://www.visi.com/~mjb/Drawings/TCP_Header.pdf

  9. TCP Header Description • Source port (16-bit) and Destination port (16 bit) • Sequence number (32-bit) • Acknowledgement number (32-bit) • Header Length (4 bit) • Reserved (6 bit) • Control bits (8 bits)  Urgent pointer (URG) if this bit field is set the receiving TCP should interpret the urgent pointer field.  Acknowledgement (ACK) this field is set to acknowledge the field entered is valid  Push function (PSH) if this bit field is set the receiver should deliver this segment to receiving application as soon as possible.

  10. TCP Header Description (2)  Reset the connection (RST) if this bit is present, it is the receiver that sender is aborting the connection and all queued data and allocated buffers and connection can be freely relinquished.  Synchronize (SYN) this specifies that the bit field signifies that a sender to synchronize sequence numbers this is used to establish connection between the sender and receiver. • Window (16-bit) Receiver side capacity to accept data • Checksum (16 bit) • Urgent Pointer (16 bit) • Options: Variable, but cannot be larger than 40 bytes. The header length field is 4 bit. They are often used for various flow control and congestion • Padding: The optional header may vary in size it may be necessary to pad the TCP header to align to 32-bit word boundary. • Data: Application data

  11. TCP – Reliable Stream Transport • Connection Establishment and Termination • Three way Handshake REF: http://condor.depaul.edu/~jkristof/technotes/tcp.html

  12. TCP-Flow control REF: http://condor.depaul.edu/~jkristof/technotes/tcp.html

  13. IP Overview • Standards: RFC 791 – IP (viz. IPv4) • Later Versions: IPv6 • Alternative technologies: IPX • Functionality Supported: • Addressing and Routing • Fragmentation Support • Type of Service • Loose/Strict Source and Record Route

  14. IP Header REF: http://www.visi.com/~mjb/Drawings/IP_Header.pdf

  15. IP Header Description • Version (4 bits) describes header format. Version may be 4 for IPv4 or 6 for IPv6. • IHL (Internet header length – 4 bits) is the length of IP header in 32-bit words. Thus, actual length is 32*IHL-value bits or 4*IHL-value bytes. • TOS (Type of Service – 8 bits) allows setting desired service-quality parameters. • Total Length (16 bits) is length of entire datagram. • Identification (16 bits), Flags (3 bits) and Fragment Offset (13bits) are used for fragmentation and reassembly of datagram(s). • TTL (Time to Live 8 bits) is the maximum time a datagram is allowed to remain in the internetwork. Each device decrements this value when the datagram is processed and drops it if the value is zero.

  16. IP Header Description (2) • Protocol (8 bits) indicates the type of higher layer protocol that follows after IP header. • Header Checksum (16 bits) is checksum on header only. • SA (Source address 32 bits) and DA (Destination address 32 bits) are source and destination IP addresses. • Options (variable length) may or may not be used.

  17. IP Addressing • IP Address is 32 bit field. (~4.29 billion addresses) • The IP address consists of a Network Part and a Host Part • Need for larger addressing space – Division of address space into private and public addresses. • The IANA (Internet Assigned Numbers Authority) has reserved the three blocks of the IP address space for private internets: 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

  18. IP Addressing (2) • The IP Addressing is classful by design: • These classful networks may be further divided by using subnetting • A set of contiguous networks may also be “supernetted” [1] The 0.0.0.0 network is default route and 127.0.0.0 is universal loopback address. REF : http://www.faqs.org/docs/linux_network/x-087-2-issues.ip-addresses.html

  19. IP Addressing (3) - Subnetting • Consider a Class A network: 5.0.0.0 Hosts : 16,777,214 • Consider borrowing 16 bits from host address to form “subnets” 5.x.x.0 –> 65536 sub-networks Hosts : 254 for each subnet -> 16,646,144

  20. IP Addressing (4) - Supernetting • Consider a set of Class C networks: 222.0.0.0 – 222.0.255.0 Networks: 256  256 routes to distinct networks. • Consider borrowing 16 bits from network address to form a “supernet” 222.0.x.0/16 is 1 supernet  1 route to gateway for given network. • Networks need to be contiguous to form supernet.

  21. IP Fragmentation • IP may fragment a PDU based on the maximum transmission unit (MTU) of the link or Path MTU (PMTU). • Higher layers may request DF (Don’t fragment) bit = 1; i.e. the PDU must not be fragmented. • If DF = 1 and PDU size exceeds link MTU, the router will drop the PDU and send ICMP error to sender. • PMTU – D : Path MTU Discovery

  22. IP Fragmentation (2) • IF DF = 0, PDU may be fragmented if needed. • For each fragment of PDU, the Identification value is identical and allows for reassembly for out-of-order fragments at receiver. • The MF (More Fragments) bit is set for all but last fragment of a PDU. • The Fragment Offset value defines the location of given piece of data in the original PDU, it is used for reassembly.

  23. IP Type of Service • This is an 8-bit field  Bits 0-2: Precedence  Bits 3-5: Delay Throughput and Reliability (respectively) [Value: 0  Normal and 1  High]  Bits 6-7: Reserved • Precedence:

  24. TCP/IP – Issues Faced • Security TCP/IP was not designed for security, TCP/IP based communication relies on IP address to identify peer. This IP address and very easily be spoofed and modified. Typical Attacks:  IP address spoofing a) DNS spoofing – Create spoofed DNS response packet for a DNS query b) ARP spoofing – Also called ARP Cache poisoning, allows a malicious host to cause all traffic to be redirected to self  Ping of Death– Uses oversized ping packet (usually >65535 bytes) as fragments and cause buffer-overflows

  25. TCP/IP – Issues Faced (2)  TCP DoS Attack – excessive SYN requests to a server may use up all CPU cycles preventing it from actively provide services like FTP, Radius Authentication, DNS, DHCP etc… allowing for more complicated impersonation or simple denial of service.  TCP Sequence Number prediction – to create one-sided TCP connection (Berkeley implementation of SN generation): a) Impersonate an alive host and connect to server b) Impersonate a down host by using netstat service  Routing Based Attacks – a) Poison RIP Routing information as it is received unchecked by routers b) ICMP Redirect for an open connection c) ICMP “Destination Unreachable” and “TTL exceeded”

  26. TCP/IP – Issues Faced (3) • Limited Address Space IPv4 supports slightly over 4.29 billion addresses. This is highly insufficient address space. • Connection Delay There is an inherent delay involved in session establishment and overhead involved with processing information contained in TCP header.

  27. Possible Solutions • Security:  Narrow spectrum technologies – Firewalls, DHCP Snooping  Broad Spectrum technologies – Encryption • Address Space limitation:  NAT – introduces other issues (still widely deployed)  IPv6 – has not yet had widespread acceptance • Delay and overhead of connection:  UDP

  28. References • www.tcpipguide.com • RFC 791 – Internet Protocol • RFC 793 – Transport Control Protocol • By Douglas Komer • http://www.securityfocus.com/infocus/1674 • http://www.cs.columbia.edu/~smb/papers/ipext.pdf • http://www.xs4all.nl/~rmeijer/spoofing.html

More Related