1 Telecommunications & Network Security Originally (1/01) by: Usha Viswanathan Modified (1/03, 5/06...
1
Telecommunications & Network Security
Originally (1/01) by: Usha Viswanathan
Modified (1/03, 5/06) by: John R. Durrett
2
Presentation Overview
– C.I.A. as it applies to Network Security
– Protocols & Layered Network Architectures
– OSI and TCP/IP
– TCP/IP protocol architecture
– IP addressing & Routing
– TCP
– Applications
– IPv6
3
C.I.A.
– Confidentiality: the opposite of disclosure
  • Elements used to ensure it: security protocols, authentication services, encryption services
– Integrity: the opposite of alteration
  • Elements used to ensure it: firewalls, communications security management, intrusion detection services
– Availability: the opposite of destruction / denial
  • Fault tolerance, acceptable system performance, reliable administration and network security
4
Protocols & the Layered Network: Intro
– Protocol:
  • A standard set of rules that determine how computers talk
  • Describes the format a message must take
  • Enables multi-platform computers to communicate
– The Layered Architecture Concept
  • Data passes down through the layers to get "out", and up to get "in"
  • Reasons for use: to clarify functionality, to break down complexity, to enable interoperability, easier troubleshooting
6
ISO's Open Systems Interconnect (OSI) Reference Model
– Protocol Layering
  • Series of small modules
  • Well-defined interfaces, hidden inner processes
  • Process modules can be replaced
  • Lower layers provide services to higher layers
– Protocol Stack: modules taken together
– Each layer communicates with its pair on the other machine
7
The OSI Model
[Diagram: the seven layers (Application, Presentation, Session, Transport, Network, Datalink, Physical) on the sender and on the receiver; messages travel down the sender's stack, across the network, and up the receiver's stack.]
8
OSI Layers
– Application: communication partners, QoS identified
– Presentation: semantics, encryption, compression (gateways)
– Session: establishes, manages, terminates sessions
– Transport: sequencing, flow/error control, name/address resolution
– Network: routing, network addresses (routers)
– Datalink: MAC address, low-level error control (bridges)
– Physical: encoding/decoding digital bits, interface card
9
TCP/IP
[Diagram: Alice and Bob each run Application, Transport and Network layers; the Router between them operates at the Network layer only.]
10
TCP/IP: The Protocols and the OSI Model
[Diagram mapping protocols onto OSI layers. Application/Presentation/Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP. Transport: Transmission Control Protocol, User Datagram Protocol. Network: Internet Protocol, ARP. Datalink/Physical: Ethernet, Token Bus, Token Ring, FDDI. Also shown: ICMP, IGMP, RTP, RTCP, OSPF, RIP.]
11
Data Encapsulation by Layer
[Diagram: application data is wrapped in a TCP header to form a datagram at the TCP layer, in a packet at the network layer, and in a frame at the data link layer; the destination opens the envelopes layer by layer.]
12
Transmission Control Protocol (TCP)
– Traditional TCP/IP security: none
  • No authenticity, confidentiality, or integrity
  • Implemented & expanding: IPSec
– Workhorse of the internet
  • FTP, telnet, ssh, email, http, etc.
– The protocol responsible for the reliable transmission and reception of data
– Unreliable service is provided by UDP
– Transport layer protocol
– Can run multiple applications using the same transport
  • Multiplex through port numbers
13
TCP Fields
– Source port, Destination port
– Sequence number
– Acknowledgment number
– Data offset, Reserved, code bits (URG, ACK, PSH, RST, SYN, FIN), Window
– Checksum, Urgent pointer
– Options, Padding
– data
14
TCP Connection Establishment
– Alice to Bob: SYN with Initial Sequence Number-a
– Bob to Alice: ACK ISN-a with ISN-b
– Alice to Bob: ACK ISN-b
– Connection established
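The header fields from the previous slide and the three-way handshake from this one, as an added Python example (not part of the original deck): it decodes a 20-byte TCP header and then checks that three segments form a valid SYN, SYN/ACK, ACK exchange, where acknowledging an ISN means ack = ISN + 1 as RFC 793 specifies. Port numbers and ISNs below are constructed sample values.

```python
import struct

# TCP code bits in the order the slide lists them (RFC 793)
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into its named fields."""
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_res, flag_bits, window, csum, urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (off_res >> 4) * 4,        # header length in bytes (options start here)
        "window": window, "checksum": csum, "urgent": urg,
        "flags": {name for name, bit in FLAGS.items() if flag_bits & bit},
    }

def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Build a minimal header (no options, checksum left zero) for the constructed sample."""
    flag_bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flag_bits, window, 0, 0)

def check_handshake(segments) -> bool:
    """True if the three segments are SYN(ISN-a), SYN/ACK(ISN-b, ack ISN-a), ACK(ISN-b)."""
    if len(segments) != 3:
        return False
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    isn_a, isn_b = syn["seq"], synack["seq"]
    return (
        syn["flags"] == {"SYN"}
        and synack["flags"] == {"SYN", "ACK"} and synack["ack"] == (isn_a + 1) & 0xFFFFFFFF
        and ack["flags"] == {"ACK"} and ack["ack"] == (isn_b + 1) & 0xFFFFFFFF
        and ack["seq"] == (isn_a + 1) & 0xFFFFFFFF
    )

# Constructed sample: Alice (port 40000) opens a connection to Bob's port 22
ISN_A, ISN_B = 1000, 5000
HANDSHAKE = [
    build_tcp_header(40000, 22, ISN_A, 0, {"SYN"}),
    build_tcp_header(22, 40000, ISN_B, ISN_A + 1, {"SYN", "ACK"}),
    build_tcp_header(40000, 22, ISN_A + 1, ISN_B + 1, {"ACK"}),
]
# Constructed bad sample: the final ACK does not acknowledge Bob's ISN
BAD_HANDSHAKE = HANDSHAKE[:2] + [build_tcp_header(40000, 22, ISN_A + 1, ISN_B + 7, {"ACK"})]

if __name__ == "__main__":
    print(parse_tcp_header(HANDSHAKE[1]))
    print(check_handshake(HANDSHAKE), check_handshake(BAD_HANDSHAKE))
```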
15
User Datagram Protocol (UDP)
– Connectionless
– Does not retransmit lost packets
– Does not order packets
– Inherently unreliable
– Mainly tasks where speed is essential
– Streaming audio and video
– DNS
UDP header: Source Port, Destination Port; Message Length, Checksum; Data …
16
ICMP: network plumber
Message Type             Type #   Purpose
Echo Reply               0        Ping response – system is alive
Destination Unreachable  3        No route, protocol, or port closed
Source Quench            4        Slow down transmission
Redirect                 5        Reroute traffic
Echo                     8        Ping
Time Exceeded            11       TTL exceeded, packet dropped
Parameter Problem        12       Bad header
Timestamp                13       Time sent and requested
Timestamp Reply          14       Time request reply
Information Request      15       Host asks: what network am I on?
Information Reply        16       Information response
17
Ports
PORT   USE
17     Quote of the Day
20     File Transfer Data
21     File Transfer Control
22     SSH
23     Telnet
25     SMTP
43     Whois (tcp & udp)
666    Doom
"Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port"."
• Source port
• Destination port
• Logical connection
• Privileged – unprivileged ports
18
Network Address Translation (NAT)
– Illegal addresses
– Unroutable addresses: 10.0.0.0, 192.168.0.0
– Limited address space in IPv4
– NAT maps bad to valid addresses
  • Mapping to single external address
  • One-to-one mapping
  • Dynamically allocated addresses
[Diagram: a router translating the internal address 10.0.0.5 to the external address 12.13.4.5.]
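The "mapping to single external address" case from this slide, as an added Python model (not the deck's own code): several internal hosts share the router's one external address 12.13.4.5 and are told apart by a dynamically allocated external port; a reply from outside is only forwarded if some internal host created the mapping first. The class name, the outside address 203.0.113.10 and the port numbers are constructed for the example.

```python
import itertools

class PortAddressTranslator:
    """Hypothetical NAT model: many private hosts behind one external IP, keyed by port."""

    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)   # dynamically allocated external ports
        self.out_table = {}   # (internal_ip, internal_port) -> external_port
        self.in_table = {}    # external_port -> (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network: source becomes the external address."""
        key = (src_ip, src_port)
        if key not in self.out_table:                 # first packet of this flow: allocate a port
            ext_port = next(self._ports)
            self.out_table[key] = ext_port
            self.in_table[ext_port] = key
        return (self.external_ip, self.out_table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply arriving from outside; None if no internal host owns that port."""
        if dst_ip != self.external_ip or dst_port not in self.in_table:
            return None                               # unsolicited: nothing to translate to
        int_ip, int_port = self.in_table[dst_port]
        return (src_ip, src_port, int_ip, int_port)

# Constructed sample using the slide's addresses; 203.0.113.10 stands in for an outside web server
nat = PortAddressTranslator("12.13.4.5")
out1 = nat.outbound("10.0.0.5", 51000, "203.0.113.10", 80)
out2 = nat.outbound("10.0.0.7", 51000, "203.0.113.10", 80)   # same source port, different host
reply1 = nat.inbound("203.0.113.10", 80, "12.13.4.5", out1[1])
stray = nat.inbound("203.0.113.10", 80, "12.13.4.5", 9999)    # port never allocated

if __name__ == "__main__":
    print(out1, out2, reply1, stray, sep="\n")
```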
19
Logical Structure of the Internet Protocol Suite
[Diagram: Physical Layer; IP with Internet Addressing (ICMP, IGMP), ARP and RARP; Transmission Control Protocol (connection oriented) and User Datagram Protocol (connectionless); applications HTTP, TELNET, FTP, SNMP, DNS, TFTP.]
20
Address Resolution Protocol (ARP)
Maps IP addresses to MAC addresses
When a host initializes on the local network:
– ARP broadcast: IP and MAC address
– If duplicate IP address, TCP/IP fails to initialize
Address resolution process on the local network:
– Is the IP address on the local network?
– ARP cache
– ARP request
– ARP reply
– ARP cache update on both machines
21
ARP Operation
[Diagram: station 129.1.1.1 broadcasts an ARP request, "Give me the MAC address of station 129.1.1.4"; stations B and C answer "Not me" and ignore the request; 129.1.1.4 answers "That's me" with an ARP response, "Here is my MAC address", which is accepted.]
22
Address Resolution on Remote Network
– IP address determined to be remote
– ARP resolves the address of each router on the way
– Router uses ARP to forward packet
[Diagram: Network A – Router – Network B.]
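The resolution steps from slides 20 and 22 (local check, cache, request, reply, cache update on both machines, and resolving the router instead when the destination is remote), as an added Python simulation that is not the deck's own code. The LAN 129.1.1.0/24, the router at 129.1.1.254, the MAC addresses and the Host/Segment classes are constructed for the example.

```python
import ipaddress

class Host:
    """A station on a LAN segment with its own ARP cache (constructed model)."""
    def __init__(self, ip, mac, mask="255.255.255.0", gateway=None):
        self.ip, self.mac, self.gateway = ip, mac, gateway
        self.network = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        self.cache = {}            # ip -> mac, filled by requests we send and answer
        self.segment = None

    def is_local(self, ip):
        return ipaddress.ip_address(ip) in self.network

class Segment:
    """Broadcast domain: an ARP request reaches every attached host."""
    def __init__(self, hosts):
        self.hosts = hosts
        for h in hosts:
            h.segment = self
        self.requests = 0          # counts broadcasts so cache hits are observable

    def arp_request(self, asker, target_ip):
        self.requests += 1
        for h in self.hosts:
            if h is asker:
                continue
            if h.ip == target_ip:                    # "That's me": reply and learn the asker
                h.cache[asker.ip] = asker.mac
                return h.mac
            # any other station: "Not me", request ignored
        return None

def resolve(host, dst_ip):
    """Return (next-hop IP, MAC): the destination if local, otherwise the router."""
    target = dst_ip if host.is_local(dst_ip) else host.gateway
    if target is None:
        raise ValueError("destination is remote and no gateway is configured")
    if target in host.cache:                        # ARP cache hit: no broadcast needed
        return target, host.cache[target]
    mac = host.segment.arp_request(host, target)
    if mac is None:
        raise LookupError(f"no ARP reply for {target}")
    host.cache[target] = mac                        # cache update on the asking side
    return target, mac

# Constructed sample LAN: stations from the ARP slide plus a router at 129.1.1.254
A = Host("129.1.1.1", "00:00:0a:00:00:01", gateway="129.1.1.254")
B = Host("129.1.1.2", "00:00:0a:00:00:02")
D = Host("129.1.1.4", "00:00:0a:00:00:04")
R = Host("129.1.1.254", "00:00:0a:00:00:fe")
LAN = Segment([A, B, D, R])

if __name__ == "__main__":
    print(resolve(A, "129.1.1.4"), resolve(A, "10.9.8.7"), LAN.requests)
```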
23
Reverse Address Resolution Protocol (RARP)
Same packet type used as ARP
Only works on local subnets
Used for diskless workstations
[Diagram: a diskless workstation broadcasts a RARP request, "Give me my IP address"; stations B and C ignore it ("Not me"); the RARP server accepts it and responds with the address 129.1.1.1.]
24
The Internet Protocol (IP)
– IP's main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.
– The functions provided by IP are:
  • Addressing
  • Routing
  • Fragmentation of datagrams
25
Host Name Resolution
Standard resolution:
– Checks local name
– Local HOSTS file
– DNS server
Windows NT specific resolution:
– NetBIOS cache
– WINS server
– b-node broadcasts
– LMHOSTS file (NetBIOS name)
26
Routing Packets
– Process of moving a packet from one network to another toward its destination
– RIP, OSPF, BGP
– Dynamic routing
– Static routing
– Source routing
27
Static Routing Tables
– Every host maintains a routing table
  • Use the "route" command in Linux and Windows
– Each row (or "entry") in the routing table has the following columns:
  • (1) destination address and (2) mask
  • (3) gateway [i.e., the IP address of the host's gateway/router]
  • (4) interface [i.e., the IP address of a host interface]
  • (5) metric [indicates the "cost" of the route; smaller is better]
– When the host wants to send a packet to a destination, it looks in the routing table to find out how
  • Each OS handles routing somewhat differently
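How a host uses the five columns above to pick a route, as an added Python example (not the deck's own code): the lookup prefers the most specific matching destination/mask and breaks ties by the lower metric, and a gateway of 0.0.0.0 means the destination is directly reachable on that interface. The routing table below is constructed sample data with a default route, a connected network and overlapping 10.0.0.0 entries.

```python
import ipaddress

# Constructed routing table with the slide's five columns
ROUTES = [
    # destination    mask               gateway          interface       metric
    ("0.0.0.0",      "0.0.0.0",         "192.168.1.1",   "192.168.1.10", 20),  # default route
    ("192.168.1.0",  "255.255.255.0",   "0.0.0.0",       "192.168.1.10", 1),   # directly connected
    ("10.0.0.0",     "255.0.0.0",       "192.168.1.254", "192.168.1.10", 10),
    ("10.1.2.0",     "255.255.255.0",   "192.168.1.253", "192.168.1.10", 10),  # more specific
    ("10.1.2.0",     "255.255.255.0",   "192.168.1.252", "192.168.1.10", 5),   # same prefix, lower cost
    ("127.0.0.0",    "255.0.0.0",       "0.0.0.0",       "127.0.0.1",    1),
]

def lookup(dst: str, routes=ROUTES):
    """Return (next_hop, interface) for dst: longest prefix wins, then the smallest metric.

    A gateway of 0.0.0.0 marks an on-link destination, so the next hop is dst itself.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface, metric in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)          # compare specificity first, then cost
        if best is None or key > best[0]:
            best = (key, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, gw, iface = best
    return (dst if gw == "0.0.0.0" else gw), iface

if __name__ == "__main__":
    for d in ("192.168.1.77", "10.1.2.9", "10.200.1.1", "8.8.8.8", "127.0.0.1"):
        print(d, "->", lookup(d))
```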
28
LAN Technologies
– Ethernet: CSMA/CD, occasionally heavy traffic, BUS topology
– ARCnet: token passing, STAR topology
– Token Ring: active monitor, IBM, RING topology
– FDDI: token passing, fast, long distance, predictable, expensive
– Media & vulnerabilities
  • Attenuation, crosstalk, noise
  • Coax: cable failure & length limits
  • Twisted pair (Cat 1-7): bending cable, crosstalk, noise
  • Fiber-optic: cost, high level of expertise required to install
  • Wireless: later
29
Coaxial Cable
– Two types
  • ThinNet (10Base2): 10 Mbps, 30 nodes per segment, max 180 meters; used for the LAN
  • ThickNet (10Base5): 10 Mbps, 100 nodes per segment, max 500 meters; used for the backbone
– Insecure
  • Coax is easy to splice
30
Twisted Pair Copper Cable
– Copper wire
– Twist reduces EMI
– Classified by transmission rates
  • Cat3, Cat5, Cat5e, Cat6
31
Fiber-Optic Cable
– Glass core with plastic shielding
– Small, light, fragile, and expensive
– Very fast transmission rate
– Can transmit data very far
– Immune to interference
– Hard to splice
32
Security Concerns
– Easy to insert a node or splice into network
– Most attacks involve eavesdropping or sniffing
– Physical security
– War driving
33
Network Topologies
– BUS
  • Ethernet
– RING
  • Unidirectional
  • FDDI, Token Ring
– STAR
  • Logical BUS tends to be implemented as physical Star
– TREE
  • Basically a complicated BUS topology
– MESH
  • Multiple computer-to-computer connections
34
Hubs & Switches
– Hub:
  • Broadcasts information received on one interface to all other physical interfaces
– Switch:
  • Does not broadcast
  • Uses MAC address to determine correct interface
35
Unswitched Devices
"Dumb" devices (forward all packets)
– Layer 1 = Hub, Repeater
  • Technically, a hub passes signals without regenerating them
– Layer 2 = Bridge
  • Connects different types of LANs (e.g., Ethernet and ATM, but not Token Ring if you're lucky)
"Intelligent" devices (decide whether to forward packets)
– Layer 3 = Router
  • Uses routing table to make decisions
  • Improved performance and security
– Layer 2/3 = Bridge/Router
36
Switches
– Layer 2 = data link layer (MAC address) = + over hubs/repeaters
  • Systems only see traffic they are supposed to see
  • Unswitched versus switched (full duplex) 10 and 100 Mb Ethernet = 40% of bandwidth versus 95%+ (no collisions)
– Layer 3 = network layer (IP address) = + over routers
  • Routers moved to periphery
  • Virtual LANs (VLANs) become viable
– Layer 4 = transport layer (TCP/UDP/ICMP headers) = + over L3
  • Firewall functionality (i.e., packet filtering)
  • Significantly more expensive
– Layer 5 = session layer and above (URLs) = + over L4 for clusters
  • Application proxy functionality (but MUCH faster than proxies)
  • Special function, cutting-edge = significant specific performance gains
  • 1999/2000: researchers (from IBM & Lucent) designed a layer 5 switch as front-end to a load-balanced 3-node cluster running AIX and Apache: 220% performance increase due to content partitioning, 600% performance increase due to SSL session reuse
37
Firewalls
– Control the flow of traffic between networks
– Internal, external, server, client firewalls
– Traditional packet filters
– Stateful packet filters
– Proxy-based firewalls
38
Traditional Packet Filters
– Analyses each packet to determine drop or pass
– Source IP, destination IP, source port, destination port, code bits, protocol, interface
– Very limited view of traffic
Action   Source    Destination   Protocol   SrcPort   DestPort   Codebits
Allow    Inside    Outside       TCP        Any       80         Any
Allow    Outside   Inside        TCP        80        >1023      ACK
Deny     All       All           All        All       All        All
39
Stateful Packet Filters
– Adds memory of previous packets to traditional packet filters
– When a packet is part of an initial connection (SYN), it is remembered
– Other packets are analyzed according to previous connections
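The rule table from slide 38 and the connection memory from this slide, as an added Python comparison that is not the deck's own code. The same three constructed packets run through both filters: the stateless filter can only judge the second rule by header fields, so any inbound segment from port 80 with ACK set to a high port passes even when no inside host opened a connection (the "very limited view" of slide 38); the stateful version admits inbound traffic only as a reply to a remembered outbound SYN. Rule encoding and packet fields are simplified for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src_port dst_port flags")
Rule = namedtuple("Rule", "action direction proto src_port dst_port flags")

# The slide's rule table, transcribed as data ("any" wildcards, ">1023" range, required flag)
RULES = [
    Rule("allow", "in->out", "TCP", "any", 80,      "any"),
    Rule("allow", "out->in", "TCP", 80,    ">1023", "ACK"),
    Rule("deny",  "any",     "any", "any", "any",   "any"),
]

def _match(field, rule_value):
    if rule_value == "any":
        return True
    if isinstance(rule_value, str) and rule_value.startswith(">"):
        return field > int(rule_value[1:])
    if isinstance(field, set):                      # code bits: the named flag must be set
        return rule_value in field
    return field == rule_value

def stateless_decision(pkt: Packet) -> str:
    """Traditional packet filter: first matching rule wins, no memory of earlier packets."""
    for r in RULES:
        if all(_match(f, v) for f, v in [
                (pkt.direction, r.direction), (pkt.proto, r.proto),
                (pkt.src_port, r.src_port), (pkt.dst_port, r.dst_port), (pkt.flags, r.flags)]):
            return r.action
    return "deny"

class StatefulFilter:
    """Remembers connections opened from inside (SYN) and admits only replies to them."""
    def __init__(self):
        self.connections = set()                    # (inside_port, outside_port)

    def decision(self, pkt: Packet) -> str:
        if pkt.direction == "in->out":
            verdict = stateless_decision(pkt)
            if verdict == "allow" and "SYN" in pkt.flags:
                self.connections.add((pkt.src_port, pkt.dst_port))   # remember the initiator
            return verdict
        if (pkt.dst_port, pkt.src_port) not in self.connections:     # no matching outbound SYN
            return "deny"
        return stateless_decision(pkt)              # a real reply still has to pass the rules

# Constructed sample traffic
OUTBOUND_SYN = Packet("in->out", "TCP", 5555, 80, {"SYN"})
LEGIT_REPLY  = Packet("out->in", "TCP", 80, 5555, {"SYN", "ACK"})
UNSOLICITED  = Packet("out->in", "TCP", 80, 6000, {"ACK"})      # no inside host ever asked

def compare(packets):
    """Run the packets through both filters; returns [(stateless verdict, stateful verdict), ...]."""
    sf = StatefulFilter()
    return [(stateless_decision(p), sf.decision(p)) for p in packets]

if __name__ == "__main__":
    print(compare([OUTBOUND_SYN, LEGIT_REPLY, UNSOLICITED]))
```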
40
Proxy-based (Application) Firewalls
– Focus on application to application
– Can approve:
  • By user
  • By application
  • By source or destination
– Mom calls, wife answers, etc.
41
Firewall Architectures
– Packet-filtering routers
  • Oldest type, sits between "trusted" & "untrusted" networks
– Screened-host firewalls
  • Between a trusted network host and untrusted network
– Dual-homed host firewalls
  • Two NICs, IP forwarding, NAT translation
– Screened-subnet firewalls
  • Two screening routers on each side of bastion host
  • DMZ
42
Security
– Encryption: symmetric vs asymmetric, hash codes
– Application layer
  • PGP, GnuPG, S/MIME, SSH
– Session layer: Secure Socket Layer (SSL)
  • Digital certificates to authenticate systems and distribute encryption keys
  • Transport Layer Security (TLS)
– Network/IP layer security (IPSec)
  • AH: digital signatures
  • ESP: confidentiality, authentication of data source, integrity
43
IPSec Authentication Header (AH)
Next Header | Payload Length | Reserved
Security Parameters Index (SPI)
Sequence Number Field
Authentication Data (variable number of 32-bit words)
44
IPSec: Encapsulating Security Payload (ESP)
Security Parameters Index (SPI)
Sequence Number Field
Opaque Data, variable length
Padding
Pad Length | Next Header
Authentication Data
45
Introduction to the TCP/IP Standard Applications
– DHCP – provides for management of IP parameters
– TELNET – provides remote terminal emulation
– FTP – provides a file transfer protocol
– TFTP – provides for a simple file transfer protocol
– SSH – encrypted remote terminal & file transfer
– SMTP – provides a mail service
– DNS – provides for a name service
46
DHCP Operation
[Diagram: the DHCP client broadcasts a DHCP Discover; DHCP servers A and B each answer with an Offer (IP addr); the client sends a DHCP Request for A's offer; server A replies with a DHCP ACK.]
47
TELNET
[Diagram: a TELNET client on a host connecting to TELNET servers.]
48
File Transfer Protocol (FTP)
[Diagram: client, host and storage; TFTP uses UDP.]
49
Simple Mail Transfer Protocol (SMTP)
– Basic RFCs 821, 822, 974
– Very fast and capable of delivery guarantee depending on client & server
– Primary protocols used for today's email:
  • SMTP – operates over TCP, used primarily as send protocol
  • POP – operates over TCP, basic receive protocol
  • IMAP – allows remote storage
  • Exchange – calendar, contacts, storage, news
  • HTTP – web interface
– Problems:
  • Phishing, viruses, no built-in protection against "stupidity"
  • Client software glitches
50
Post Office Protocol (POP)
– SMTP is set up to send and receive mail by hosts that are up full time
  • No rules for those hosts that are intermittent on the LAN
– POP emulates you as a host on the network
  • It receives SMTP mail for you to retrieve later
– POP accounts are set up for you by an ISP or your company
– POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account
51
POP Operation
[Diagram of a POP session between client and server: the client attempts a TCP port 110 connection and the server replies "POP3 server ready"; the server waits for authentication, the client sends it, and if it is okay the server enters the transaction state, locks the user's mailbox, assigns message numbers, sends messages and possibly deletes them; the client retrieves all messages and sends the QUIT command; on receiving QUIT the server performs the update on the mailbox and the session is closed; the client reads messages locally.]
52
SMTP, DNS, and POP Topology
[Diagram: your PC sends mail by SMTP to and retrieves mail by POP3 from your ISP's POP server; mail crosses the Internet by SMTP to the remote ISP's POP server, from which Joe's PC retrieves it; DNS servers (including root DNS) are consulted on both sides. Mailboxes shown: mnaugle, user1, user2, joe.]
53
IPv6
– IPv6 features:
  • 128-bit address space
  • 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
  • ARP not used; "Neighbor Discovery Protocol"
– IPv6 addressing:
  • Unicast: a one-to-one IP transfer
  • Multicast: a one-to-many-but-not-all transfer
  • Anycast: a one-to-many-but-not-all transfer (nearest in group)
  • No broadcast
54
References
– RFCs: 1180 – A TCP/IP Tutorial; 1812 – IP Version 4 Routers; 1122 – Requirements for Internet Hosts: Communication Layers; 1123 – Requirements for Internet Hosts: Application and Support; 826 – Address Resolution Protocol; 791 – IP addressing; 950 – Subnetting; 1700 – Assigned Numbers
– TCP/IP 24/7 (ISBN: 0782125093)
– MCSE TCP/IP for Dummies: Cameron Brandon
– Illustrated TCP/IP: Matthew Naugle