INTRODUCTION TO INFORMATION SECURITY
Communication Protocols
Communication Protocols
A network is just a bunch of devices communicating.
There are all sorts of protocols in use today: 3GPP/GSM/SS7, TCP/IP, Ethernet, W/LAN, Bluetooth, ATM, HDMI, USB, etc.
Each protocol has been designed to serve a different purpose, and that purpose usually dictates its structure and the services it provides.
Of course the most important of all is the Internet Protocol (IP).
Secured Communication
Securing the transfer of information is a centuries-old problem. In the Middle Ages, pigeons carrying notes were captured in order to intercept communication.
Our computer systems are valuable because they can communicate. Can you find a computer without internet?
Communications are an essential part of the security trust-base.
Communication compromise types
Communication denial types
Communication compromise types
Eavesdropping – once information leaves a device it can be intercepted.
Man in the middle – communication is routed through a 3rd party.
Man on the side – eavesdropped information is used for impersonation.
Denial of Service (DoS).
Distributed Denial of Service (DDoS).
In other words, a hacker's goals, by priority, are:
Divert traffic for man in the middle.
Eavesdrop on traffic.
Popular Communication Defenses
Firewalls – protect against unwanted packets by limiting traffic in advance to a set of rules that describe acceptable traffic only.
VLAN – separates the network into different Virtual LANs; every virtual LAN is a different trust-base segment. Needs to be carefully designed.
End-to-end encryption – who cares what happens in between, it's all encrypted and, most importantly, authenticated/signed, e.g. SSH, SSL.
Intrusion Detection/Prevention Systems (IDS/IPS) – passively monitor data and look for signs of “bad” behavior, and can then deny traffic.
Ethernet
The destination MAC (Media Access Control) address denotes the target device in the local network.
If the MAC Address is FF:FF:FF:FF:FF:FF the message is broadcast to all devices in the local network.
IP
Typical IP Routing Scheme
TCP
Typical TCP Connection
A is connecting to B using the 3-way handshake:
A sends a TCP-SYN from a random source port to a specific destination port (e.g. port 80 for HTTP).
B replies with TCP-SYN+ACK from the source port 80 to the random destination port.
A replies with an ACK.
DATA is exchanged.
A or B initiates a TCP-FIN to end the connection.
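The connection sequence above can be checked against captured frames. The following is an added example, not part of the original slides: a standard-library Python parser walks constructed Ethernet/IPv4/TCP frames and labels each stage; the addresses, ports and the helper names build_frame, parse_frame and connection_stages are assumptions made for illustration.

```python
import struct
from socket import inet_ntoa

FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at 0."""
    eth = bytes.fromhex("0200000000b20200000000a1") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return (src, sport, dst, dport, flags, payload_len), or None if not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4           # TCP offset; IP header length varies
    if frame[14] >> 4 != 4 or len(frame) < t + 20:
        return None
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    flags = {name for bit, name in FLAGS.items() if frame[t + 13] & bit}
    plen = struct.unpack("!H", frame[16:18])[0] - (t - 14) - (frame[t + 12] >> 4) * 4
    return (inet_ntoa(frame[26:30]), sport, inet_ntoa(frame[30:34]), dport, flags, plen)

def connection_stages(frames):
    """Label the stages of one A -> B connection in the order listed above."""
    stages, a = [], None
    for src, sport, dst, dport, flags, plen in filter(None, map(parse_frame, frames)):
        if flags == {"SYN"} and not stages:
            a, stages = (src, sport), ["SYN"]          # remember A's address and port
        elif flags == {"SYN", "ACK"} and stages == ["SYN"] and (dst, dport) == a:
            stages.append("SYN+ACK")
        elif flags == {"ACK"} and stages == ["SYN", "SYN+ACK"] and (src, sport) == a:
            stages.append("ACK")
        elif len(stages) >= 3 and "FIN" in flags:
            return stages + ["FIN"]
        elif len(stages) >= 3 and plen and stages[-1] != "DATA":
            stages.append("DATA")
    return stages

A, B = (10, 0, 0, 1), (10, 0, 0, 2)           # constructed addresses
CAPTURE = [
    build_frame(A, B, 49152, 80, 0x02),                    # SYN
    build_frame(B, A, 80, 49152, 0x12),                    # SYN+ACK
    build_frame(A, B, 49152, 80, 0x10),                    # ACK
    build_frame(A, B, 49152, 80, 0x18, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(B, A, 80, 49152, 0x11),                    # FIN+ACK
]
```

A capture whose stages stop at SYN or SYN+ACK shows a connection that never completed the handshake.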
Our tools
Wireshark – a spin-off from Ethereal, which started as a GUI interface for tcpdump.
Wireshark sniffs communications and records them in capture files (.cap or .pcap).
Has many modules supporting an enormous number of protocol types.
Straightforward interface.
Scapy – another useful Python module. Also available for Perl, don’t tell Itamar (http://sylv1.tuxfamily.org/projects/scaperl.html). But we’ll use Python anyhow.
Demos
[Demo sniffing a cookie with Wireshark].
[Demo using scapy].
Wireshark – setup capture filter
Wireshark – capture filter
Capture filters are very fast and tell Wireshark which data to record.
Recording data
Alternatively, you can also record .pcap files with tcpdump, e.g.:
    tcpdump -ni any -w out.pcap
Reading files is also possible with scapy:
    # load every packet from the capture file into a list
    from scapy.all import *
    all_packets = rdpcap("data01.pcap")