Networking Concepts
Module A
Copyright Pearson Prentice Hall 2013
Posted 13-Jan-2016
This is a module that some teachers will cover while others will not
This module is a refresher on networking concepts, which are important in information security
If your teacher does not cover networking, you might want to cover it yourself, to “get the rust out” of your networking knowledge
Octet
◦ A byte (a collection of 8 bits)
◦ 8 bits = 1 character
Bit
◦ The basic unit of IT, represented as a 0 or 1
Host
◦ Any device connected to the Internet
[Diagram: home network. An access router with built-in wireless access point functionality connects to a DSL broadband modem; a PC with a wireless NIC communicates over wireless, a PC with an internal NIC connects over UTP, and the network provides file sharing and printer sharing.]
NIC = Network Interface Card, provides the capability for network communications
The access router:
◦ Is a router: connects one network to another
◦ Is a switch: sends frames between computers
◦ Is a wireless access point (WAP): signals are spread wide, increasing danger
◦ Contains a Dynamic Host Configuration Protocol (DHCP) server: provides each host an IP address
◦ Provides Network Address Translation (NAT): hides internal IP addresses from attack
LAN (Local Area Network)
◦ Operates within a building, not across geographic locations
WAN (Wide Area Network, internet)
◦ Operates across geographic locations
◦ Because corporations don’t have regulatory rights to lay network lines in public areas, they rely on commercial companies
Internet
◦ Network of networks
[Diagram: office building LAN. Workgroup Switch 1 and Workgroup Switch 2 connect over optical fiber cords to a core switch in the equipment room, which connects to the WAN router and a server; a wireless access point serves a wireless client, and wired clients connect over UTP telephone wiring.]
Workgroup switch: connects computers to the network
Core switch: connects switches to other switches
Any computer can plug into a wall jack and potentially gain access to the network. 802.1X requires any computer to first authenticate before gaining access to the network.
[Diagram: corporate WAN linking the Da Kine Island headquarters, North Shore operations, a branch in state (60) and a credit card authorization bureau using T1 and T3 leased lines and Frame Relay, with T3 leased lines to ISP 1 and ISP 2 on the Internet.]
Two types of leased lines
◦ Point to point
◦ Public Switched Data Network (PSDN): passes frames between multiple sites
Connections to these networks are limited
Security by obscurity: not the best; if it is breached there is no security
[Diagram: a browser on one network sends packets through a series of routers to webserver software on another network.]
The global Internet has thousands of networks connected by routers
Messages (data) can move from any computer to any other computer on any other network connected to the Internet
Frames
◦ Messages (data) within a single network (LAN or WAN)
Packets
◦ Messages (data) between computers across the Internet
◦ Packets are contained within frames; a different frame is used on each network
◦ The Internet was designed specifically to NOT ADD SECURITY!
[Diagram: a packet travels in a different frame in each network]
[Diagram: US backbone map. A user PC (host computer) connects over an access line to the user PC's Internet service provider (ISP); the webserver host computer connects over an access line to the webserver's ISP; ISPs exchange traffic through the Internet backbone (multiple ISP carriers) at NAPs.]
NAP = Network Access Point
Networks must “talk” with each other
◦ Interoperability requires standards
Standards security issues:
1. Is it inherently secure? (inherent: an essential constituent or characteristic)
2. Explicitly designed into the standard
3. If added “after-the-fact”, usually to newer versions going forward
4. Vendor implementations can be defective
Super Layer      Description
Application      Communication between application programs on different hosts attached to different networks on an internet.
Internetworking  Transmission of packets across an internet. Packets contain application layer messages.
Single Network   Transmission of frames across a network. Frames contain packets.

Core standards for each sub-system of the network communication process

Super Layer      TCP/IP         OSI                                 Hybrid TCP/IP-OSI
Application      Application    Application, Presentation, Session  Application
Internetworking  Transport      Transport                           Transport
                 Internet       Network                             Internet
Single Network   Subnet Access  Data Link, Physical                 Data Link, Physical
In a single network, a physical link connects adjacent devices.
A data link is the path that a frame takes across a single network.
One data link; three physical links.
Device connection types
◦ UTP
  ◦ Links between computers and switches
  ◦ Uses voltage changes (high vs low)
  ◦ Acts like a radio antenna, so the signal can be intercepted without tapping
◦ Optical fiber
  ◦ Uses light changes (on or off)
  ◦ Requires tapping for interception of data
◦ Wireless
  ◦ Uses radio waves for transmission
  ◦ Spread widely and easily intercepted
Internet layer
◦ How routers forward packets
◦ Main standard is the Internet Protocol (IP)
Transport layer
◦ Main standard is the Transmission Control Protocol (TCP)
  ◦ Fixes transmission errors
  ◦ Ensures proper order of packets
  ◦ Slows transmission if necessary
◦ Transmissions that do NOT require these capabilities use the User Datagram Protocol (UDP)
Connection-oriented
◦ Requires agreement for transmission to commence
◦ Monitors transmission for errors to ensure reliability of transmission
Connectionless
◦ Does NOT require agreement; transmission occurs when needed
◦ No monitoring of transmission for errors occurs
Internet Protocol (IP)
◦ Connectionless
◦ Unreliable
Purpose
◦ How packets are organized
◦ How routers move packets to the destination host
Versions
◦ IPv4: 32-bit address size, 2^32 = 4,294,967,296 addresses
◦ IPv6: 128-bit address size, 2^128 ≈ 3.4e+38 addresses
IP Version 4 packet (Bit 0 to Bit 31; represented as 32-bit rows)
Row 1: Version (4 bits) | Header Length (4 bits) | Diff-Serv (8 bits) | Total Length (16 bits)
Row 2: Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
Row 3: Time to Live (8 bits) | Protocol (8 bits): 1=ICMP, 6=TCP, 17=UDP | Header Checksum (16 bits)
Row 4: Source IP Address (32 bits)
Row 5: Destination IP Address (32 bits)
Options (if any) | Padding
Data Field
Consists of:
◦ Header: 5 rows, may have optional rows
◦ Data
Version
◦ 0100 = 4
Header Length (usually 5 rows)
◦ 0101 = 5
◦ More than 5 rows usually indicates an attack, so examining this part of the header is important to detect attacks
Diff-Serv
◦ Rarely used; intended to provide priority to different packets (network neutrality)
Total Length
◦ Length of (entire packet - header) in bytes
◦ Maximum size of a packet is 2^16 = 65,536
Identification (16 bits), Flags, Fragment Offset (13 bits)
◦ Used if a packet is too large and is divided into smaller packets
◦ This is rare and can indicate an attack
◦ Most O/S don’t allow fragmentation
Time to Live (TTL)
◦ Set to a value between 0 and 255, usually 64 or 128 by the O/S
◦ As the packet moves from router to router, TTL is decremented by 1
◦ If TTL reaches 0 the packet is discarded
◦ Attackers can determine how many router hops are between hacker and victim host by examining TTL and guessing 64 or 128, so…
Protocol (8 bits): 1=ICMP, 6=TCP, 17=UDP
Header Checksum (16 bits)
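As an added example (not code from the slides or the textbook), this Python parser decodes the IPv4 header rows laid out above from constructed bytes and flags the conditions the slides say to watch for: a header longer than 5 rows, fragmentation, and a header checksum that does not verify. The builder, the addresses and the field values are constructed test input, not captured traffic.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # the values named on the slide

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; caller passes the checksum field as zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src, dst, proto=6, ttl=64, ihl=5, flags=0, frag_off=0,
                      total_length=40, ident=0x1234, options=b""):
    """Construct a header for test input only; ihl counts 32-bit rows (5 = 20 bytes)."""
    ver_ihl = (4 << 4) | ihl                # version 0100, header length 0101
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_length, ident,
                      (flags << 13) | frag_off, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst)) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the five fixed rows of the slide's layout and flag what it warns about."""
    (ver_ihl, _dscp, total_length, _ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = ver_ihl & 0x0F
    header = pkt[:ihl * 4]                  # includes option rows, if any
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    info = {
        "version": ver_ihl >> 4,
        "header_rows": ihl,
        "total_length": total_length,
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": ipv4_checksum(zeroed) == csum,
    }
    anomalies = []                          # the conditions the slides call out
    if ihl > 5:
        anomalies.append("header longer than 5 rows (options present)")
    if info["more_fragments"] or info["fragment_offset"]:
        anomalies.append("fragmented packet")
    if not info["checksum_ok"]:
        anomalies.append("bad header checksum")
    info["anomalies"] = anomalies
    return info
```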
Each address is 32 bits long: 11111111000000001111111100000000
Kind of hard to remember, so… it is divided into 4 8-bit segments, each converted to decimal (0 to 255)
132.170.217.166 = www.bus.ucf.edu
The 4 segments are divided by a mask
◦ First 2 are for the network: 132.170 = UCF
◦ 217 = College of Business
◦ 166 = Web Server
IP Version 6 packet (Bit 0 to Bit 31)
Row 1: Version (4 bits), value is 6 (0110) | Diff-Serv (8 bits) | Flow Label (20 bits), marks a packet as part of a specific flow
Row 2: Payload Length (16 bits) | Next Header (8 bits), name of the next header | Hop Limit (8 bits)
Source IP Address (128 bits)
Destination IP Address (128 bits)
Next Header or Payload (Data Field)
Payload Length = Total Length from IPv4; Hop Limit = TTL from IPv4
Note there is no checksum; reliability is assumed from higher-level security
Unlike IPv4, IPv6 utilizes optional header rows; one such use is for IPSec
Remember that IP was developed without security; IPSec was added later to provide security
◦ Everything in the data field of the packet is secured
◦ The application message is also secured
◦ Two modes:
  ◦ Transport: host-to-host protection
  ◦ Tunnel: protection between hosts (details in Chapter 4)
Transmission Control Protocol (TCP)
◦ Connection-oriented, reliable
◦ A TCP message is called a segment
User Datagram Protocol (UDP)
◦ Connectionless, unreliable
TCP segment (Bit 0 to Bit 31)
Row 1: Source Port Number (16 bits) | Destination Port Number (16 bits)
Row 2: Sequence Number (32 bits)
Row 3: Acknowledgement Number (32 bits)
Row 4: Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window (16 bits)
Row 5: TCP Checksum (16 bits) | Urgent Pointer (16 bits)
Options (if any) | Padding
Data Field
Flag fields are 1-bit fields. They include SYN, ACK, FIN, RST, PSH, and URG.
3-Way Open (between the PC transport process and the webserver transport process)
1. SYN (Open)
2. SYN, ACK (1) (acknowledgement of 1)
3. ACK (2)
1. SYN = synchronize sequence numbers: I want to send a message
2. SYN, ACK (acknowledge): OK, I’ll accept your message
3. ACK: OK, I’m acknowledging that I received your acknowledgement
Half-open SYN attack
◦ Hacker floods the victim host with SYN messages
◦ The victim host sends SYN, ACK and sets aside resources for the upcoming message
◦ Hacker never sends the ACK back
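An added example (not part of the slides) of the defender's side of the half-open SYN attack: the detector below replays constructed connection-log lines through the three handshake steps and counts, per server, the handshakes that stalled after step 2. The log format, addresses, age window and threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed connection log: time, source, destination, TCP flags (not real traffic).
SAMPLE_LOG = """\
1.00 10.0.0.7:51000 192.0.2.10:80 SYN
1.01 192.0.2.10:80 10.0.0.7:51000 SYN,ACK
1.02 10.0.0.7:51000 192.0.2.10:80 ACK
2.00 198.51.100.1:40001 192.0.2.10:80 SYN
2.00 198.51.100.2:40002 192.0.2.10:80 SYN
2.00 198.51.100.3:40003 192.0.2.10:80 SYN
2.00 198.51.100.4:40004 192.0.2.10:80 SYN
2.01 192.0.2.10:80 198.51.100.1:40001 SYN,ACK
2.01 192.0.2.10:80 198.51.100.2:40002 SYN,ACK
2.01 192.0.2.10:80 198.51.100.3:40003 SYN,ACK
2.01 192.0.2.10:80 198.51.100.4:40004 SYN,ACK
3.00 10.0.0.8:51001 192.0.2.20:443 SYN
3.01 192.0.2.20:443 10.0.0.8:51001 SYN,ACK
3.02 10.0.0.8:51001 192.0.2.20:443 ACK
4.50 10.0.0.9:51002 192.0.2.20:443 SYN
"""

def parse_line(line):
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, set(flags.split(","))

def half_open_connections(log_text, now, max_age=1.0):
    """Count handshakes per server that stalled at step 2 for at least max_age seconds."""
    pending = {}                                  # (client, server) -> time of the SYN
    for line in log_text.splitlines():
        ts, src, dst, flags = parse_line(line)
        if flags == {"SYN"}:                      # step 1: client asks to open
            pending[(src, dst)] = ts
        elif flags == {"SYN", "ACK"}:             # step 2: server reserves resources
            continue
        elif "ACK" in flags or "RST" in flags:    # step 3 completes; RST aborts
            pending.pop((src, dst), None)
            pending.pop((dst, src), None)
    counts = defaultdict(int)
    for (_client, server), ts in pending.items():
        if now - ts >= max_age:
            counts[server] += 1
    return dict(counts)

def syn_flood_suspects(log_text, now, threshold=3):
    """Servers whose stalled-handshake count reaches the threshold: candidates for an alert."""
    counts = half_open_connections(log_text, now)
    return sorted(s for s, n in counts.items() if n >= threshold)
```

On the sample log evaluated at time 5.0, the four spoofed handshakes against 192.0.2.10:80 are reported while the completed handshakes and the half-second-old SYN to 192.0.2.20:443 are not.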
Open and carrying the HTTP request and response (PC transport process and webserver transport process)
1. SYN (Open)
2. SYN, ACK (1) (acknowledgement of 1)
3. ACK (2)
4. Data = HTTP Request
5. ACK (4)
6. Data = HTTP Response
7. ACK (6)
Error handling
8. Data = HTTP Request (error)
9. Data = HTTP Request (no ACK, so retransmit)
10. ACK (9)
11. Data = HTTP Response
12. ACK (11)
Normal four-way close
13. FIN (Close)
14. ACK (13)
15. FIN
16. ACK (15)
Note: An ACK may be combined with the next message if the next message is sent quickly enough
Abrupt close
◦ Either side can send a Reset (RST) segment at any time; it ends the session immediately
◦ Rejection of a SYN (from an untrusted host) with a RST will provide the hacker with the IP address of an internal host, something the hacker tries to get
Sequence Number field
◦ Allows segments to be put together in order
◦ The first segment uses a randomly generated number
◦ If the segment contains no data (SYN, ACK, etc.), the number is 1 + the last segment's number
◦ If the segment contains data, the number of the first octet (byte) in the data field is used
Acknowledgement Number field
◦ Enables verification that a segment has arrived
◦ Number of the last octet (byte) in the data field + 1
Clients
◦ A random port number is used when connecting to a host for a transmission session (short-lived session)
Servers
◦ The port number represents a specific application running
Socket
◦ Combination of IP address and port number
◦ 132.170.217.166:80
There is NO security built into the TCP standard
Security is instead provided by IPSec in the IP standard, since it secures the data package in which the TCP segment is contained.
Ping: are you there?
Traceroute: how do packets go from my client to a host?
ICMP messages carry error messages back to the originator
◦ Hackers can send malformed ICMP messages hoping to identify the IP address of a host
DNS is organized hierarchically
◦ 13 DNS root servers
◦ Top-level domain servers (.com, .edu, etc.)
◦ Second-level (University of Central Florida): needs to know the names of host computers within its own network
Cache poisoning occurs if an attacker replaces an IP address on the DNS with a fake one
Becky Granger, Director, Information Technology and Member Services, EDUCAUSE, April 29, 2010
Illustration courtesy of Niranjan Kunwar / Nirlog.com
DNS Servers cache data to improve performance
But…what happens if the cached data is wrong?
More detailed explanation: http://www.iana.org/about/presentations/davies-cairo-vulnerability-081103.pdf
Packet interception
◦ DNS's usual behavior of sending an entire query or response in a single unsigned, unencrypted UDP packet makes these attacks particularly easy
◦ Attacker intercepts the query to DNS or the response back, substituting their own message
ID guessing and query prediction
◦ Attacker guesses the UDP ID for the DNS query
◦ DNS port number is well-known; 16 bits per ID, so 2^16 possibilities – susceptible to brute force
Name chaining or cache poisoning (see previous slide)
DoS – no different from any other server
Original illustration courtesy of Niranjan Kunwar / Nirlog.com
Application exploits
◦ By taking over applications, hackers gain the permissions of the exploited program
◦ There is a multitude of application standards
◦ Consequently, there is a multitude of security issues at the application level
Many applications need two types of standards
◦ One for the transmission of messages, one for the content of application documents
◦ For the World Wide Web, these are HTTP and HTML, respectively
◦ For transmission, e-mail uses SMTP, POP, and IMAP
◦ For message content, e-mail uses RFC 2822 (all-text), HTML, and MIME
FTP and Telnet
◦ Have no security
◦ Passwords are transmitted in the clear, so they can be captured by sniffers
◦ Secure Shell (SSH) can replace both securely
Many other application standards have security issues
◦ Voice over IP
◦ Service-oriented architecture (SOA); web services
◦ Peer-to-peer applications