TCPIP Security - PowerPoint PPT Presentation

About This Presentation
Title: TCPIP Security
Description: The TCP/IP protocol stack was developed in a 'trusting' environment ... Used SYN flooding and TCP Hijacking (spoofing) Famous Attack. Mitnick Attack. Router ... – PowerPoint PPT presentation
Slides: 23
Provided by: knig9

Transcript and Presenter's Notes

1
TCP/IP Security
2
TEACHING POINTS
  • TCP/IP vulnerabilities
  • Mitnick attack
  • firewalls
  • IDS
  • IPSEC, SSL, VPN

3
TCP/IP Vulnerabilities
  • The TCP/IP protocol stack was developed in a
    trusting environment
  • Passwords for telnet, ftp, mail, etc. are sent
    over the network in the clear or with a known
    encoding
  • Many of the communications protocols rely on the
    participants being well behaved and truthful

4
Internetworking
[Diagram: Host A on Network 1 and Host B on Network 2, joined by Router K across the Internet; the layers shown on each host are Internet, Network Access and Physical]
5
Protocol Data Units
[Diagram: encapsulation, outermost header first: Net Header | IP Header | TCP Header | USER DATA]
6
IP Specifics
  • Responsible for moving data across Internet
  • Send and forget
  • Does not guarantee
      • Delivery
      • Packets delivered in order sent
      • Packets delivered undamaged
  • Employed on various networking technologies

7
IP Header
   0                               16                             31
  +-------+-------+---------------+-------------------------------+
  |Version|  IHL  |Type of Service|          Total Length         |
  +-------+-------+---------------+-------------------------------+
  |        Identification         |Flags|     Fragment Offset     |
  +-------------------------------+-----+-------------------------+
  | Time to Live  |   Protocol    |        Header Checksum        |
  +---------------+---------------+-------------------------------+
  |                        Source Address                         |
  +---------------------------------------------------------------+
  |                      Destination Address                      |
  +---------------------------------------------------------------+
  |                      Options and Padding                      |
  +---------------------------------------------------------------+
8
TCP Specifics
  • Provides reliable data transfer between apps
    running on different hosts
  • Divides data into TCP segments and transmits them
    using IP
  • Protects against data loss, corruption, packet
    reordering and data duplication by
      • Adding checksums (tx)
      • Sequence Numbers (tx and rx)
      • Acknowledgement packets (rx)

9
TCP Header
   0                               16                             31
  +-------------------------------+-------------------------------+
  |          Source Port          |       Destination Port        |
  +-------------------------------+-------------------------------+
  |                        Sequence Number                        |
  +---------------------------------------------------------------+
  |                    Acknowledgement Number                     |
  +-------+-----------+-----------+-------------------------------+
  |Offset | Reserved  |   Flags   |            Window             |
  +-------+-----------+-----------+-------------------------------+
  |           Checksum            |        Urgent Pointer         |
  +-------------------------------+-------------------------------+
  |                      Options and Padding                      |
  +---------------------------------------------------------------+
  (Offset = Data Offset, the header length in 32-bit words)
10
TCP Header
  FLAGS (six one-bit flags, most significant first): URG | ACK | PSH | RST | SYN | FIN
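The header layouts on slides 7, 9 and 10, and the encapsulation of slide 5, are easiest to check in code. The parser below is an added example and is not part of the original slides: it decodes a hand-constructed IPv4 packet carrying a TCP SYN, validates the IPv4 header checksum (the RFC 791 one's-complement sum) and extracts the flag bits in the URG/ACK/PSH/RST/SYN/FIN order. The sample packet, the function names and the decision to reject a malformed header with an exception are assumptions of this example.

```python
"""Parse the IPv4 and TCP headers laid out on the slides.

Added example, not from the original slides. The packet bytes are
constructed by hand for this demonstration: an IPv4 header with no
options carrying a TCP SYN segment with no options and no payload.
"""
import struct

# TCP flag bits: the low 6 bits of the 16-bit word shared with Data Offset
# and Reserved, in the slide's order URG ACK PSH RST SYN FIN (MSB first).
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08,
             "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words.
    Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header (slide 7 layout) and validate it."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hdr_len = ihl * 4
    if version != 4 or hdr_len < 20 or hdr_len > len(packet):
        raise ValueError("malformed IPv4 header")  # what a firewall refuses
    if ipv4_checksum(packet[:hdr_len]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "payload": packet[hdr_len:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (slides 9 and 10 layout)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res_flags, window,
     csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_res_flags >> 12          # header length in 32-bit words
    flag_bits = off_res_flags & 0x3F
    flags = [name for name, bit in TCP_FLAGS.items() if flag_bits & bit]
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "data_offset": data_offset, "flags": flags, "window": window,
        "checksum": csum, "urgent_pointer": urg,
        "payload": segment[data_offset * 4:],
    }


def build_sample_syn() -> bytes:
    """Constructed test packet: 10.0.0.1:40000 -> 10.0.0.2:22, SYN, seq X = 1000."""
    tcp = struct.pack("!HHIIHHHH", 40000, 22, 1000, 0,
                      (5 << 12) | TCP_FLAGS["SYN"], 65535, 0, 0)
    ip_wo_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                             0x4000, 64, 6, 0, bytes([10, 0, 0, 1]),
                             bytes([10, 0, 0, 2]))
    csum = ipv4_checksum(ip_wo_csum)           # computed with the field zeroed
    ip = ip_wo_csum[:10] + struct.pack("!H", csum) + ip_wo_csum[12:]
    return ip + tcp


if __name__ == "__main__":
    ip = parse_ipv4(build_sample_syn())
    tcp = parse_tcp(ip["payload"])
    print(ip["src"], "->", ip["dst"], "proto", ip["protocol"], "ttl", ip["ttl"])
    print(tcp["src_port"], "->", tcp["dst_port"], tcp["flags"], "seq", tcp["seq"])
```

The checksum covers only the IP header, so a corrupted or spoofed payload passes this check unchanged; that is exactly why the slides treat TCP's own checksum and sequence numbers, not IP, as the integrity mechanism.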
11
Three Way Handshake
  A -> B:  SYN,        SN = X
  B -> A:  SYN + ACK,  SN = Y, AN = X + 1
  A -> B:  ACK,        AN = Y + 1
12
IP Spoofing
  • The receiving host relies on the sending host to
    tell the truth about its IP address, port
    numbers, etc.
  • Why would you want to do it?
      • Obtain root access
      • Take over an open terminal and login
      • Exploit applications that use authentication
        based on IP addresses
  • How do you do it?
      • Create packets with a spoofed source IP address

13
IP Spoofing attack - Coles Notes
  • Select target host
  • Discover a pattern of trust and a trusted host
  • Disable the trusted host
  • Sample the target's TCP sequence numbers
  • Impersonate the trusted host
  • Guess the sequence numbers the target will use
  • Connection attempt made to a service that
    requires address-based authentication
  • If successful, the attacker sends a short command
    blind (no replies are ever seen) to plant a back door

14
IP Spoofing - Considerations
  • Key to the attack: identify a trusted host
  • Disrupt the real trusted host so it cannot answer
    the target's unexpected SYN + ACK with a RST
      • e.g. TCP SYN flooding (Denial of Service)
  • Attacker sends forged packets
      • Attacking host never receives the ACKs
      • Routers deliver the replies to the real trusted host
  • Attacker must predict the target's responses
      • specifically, the target's initial sequence numbers need to be predicted
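Slides 11 to 14 describe the handshake and the blind spoofing attack in prose. The simulation below is an added example, not from the original slides: a toy server with a predictable initial sequence number (old BSD kernels bumped the ISN by a fixed constant per connection) lets an attacker who never sees the SYN + ACK sample a few ISNs, predict the next one and complete the handshake as the trusted host; the same code against a randomized ISN fails. ToyServer, the step constant, the addresses and the address-trust check are assumptions of this example; no real sockets are used, and the SYN flooding of the trusted host is assumed to have already happened, so nothing answers the target's SYN + ACK.

```python
"""Blind IP-spoofing against a toy TCP server (slides 11-14).

Added example, not from the original slides. The 'network' is a Python
method call; nothing is sent on a real socket. ToyServer, the ISN step,
the addresses and the trust check are assumptions of this example.
"""
import secrets

TRUSTED = "10.0.0.5"       # host the target trusts (address-based auth, e.g. rlogin)
ATTACKER = "198.51.100.9"  # attacker's real address; spoofed replies never come here


class ToyServer:
    """Minimal server: answers SYNs with SYN/ACK, checks the third-packet ACK."""

    def __init__(self, isn_gen, trusted_hosts):
        self.isn_gen = isn_gen
        self.trusted = set(trusted_hosts)
        self.half_open = {}     # (src_ip, src_port) -> our ISN Y
        self.established = []   # source addresses that completed a handshake

    def syn(self, src_ip, src_port, client_isn):
        """First packet. Returns the SYN/ACK (seq = Y, ack = X + 1), routed to src_ip."""
        y = self.isn_gen()
        self.half_open[(src_ip, src_port)] = y
        return {"to": src_ip, "flags": "SYN/ACK", "seq": y, "ack": client_isn + 1}

    def ack(self, src_ip, src_port, ack_num):
        """Third packet. Accepted only if ack == Y + 1; a trusted source gets in."""
        y = self.half_open.pop((src_ip, src_port), None)
        if y is None or ack_num != (y + 1) & 0xFFFFFFFF:
            return False        # a real stack would send RST here
        if src_ip in self.trusted:
            self.established.append(src_ip)
            return True
        return False


def make_bsd_style_isn(start=0, step=128_000):
    """Old BSD-like ISN: increases by a fixed step per connection (predictable)."""
    state = {"isn": start}

    def gen():
        state["isn"] = (state["isn"] + step) & 0xFFFFFFFF
        return state["isn"]
    return gen


def random_isn():
    """Modern behaviour: an unguessable 32-bit ISN per connection."""
    return secrets.randbits(32)


def blind_spoof(server, samples=3):
    """Steps 4-7 of the 'Coles Notes' slide: sample, predict, impersonate, ACK blind."""
    # Sample the target's ISNs with connections from our own address
    # (these SYN/ACKs we do see), then look for a fixed increment.
    seen = [server.syn(ATTACKER, 50_000 + i, 1)["seq"] for i in range(samples)]
    deltas = {(b - a) & 0xFFFFFFFF for a, b in zip(seen, seen[1:])}
    if len(deltas) != 1:
        return False            # no fixed increment: no prediction possible
    predicted = (seen[-1] + deltas.pop()) & 0xFFFFFFFF
    # Impersonate the trusted host. The SYN/ACK is routed to TRUSTED, not to us;
    # the (already SYN-flooded) trusted host is assumed unable to RST it.
    reply = server.syn(TRUSTED, 1023, 7_000)
    assert reply["to"] == TRUSTED   # the attacker never receives this packet
    # Send the final ACK blind, using the guessed Y + 1.
    return server.ack(TRUSTED, 1023, (predicted + 1) & 0xFFFFFFFF)


def run_demo():
    weak = ToyServer(make_bsd_style_isn(), [TRUSTED])
    strong = ToyServer(random_isn, [TRUSTED])
    return {"predictable_isn": blind_spoof(weak),
            "random_isn": blind_spoof(strong)}


if __name__ == "__main__":
    print(run_demo())
```

The only thing the attacker needs from the target is Y; everything else in the exchange (X, the ports, the trusted address) is chosen by the attacker. Randomizing the ISN removes the one value that prediction depended on, which is why it is the standard countermeasure.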

15
Famous Attack
  • Kevin Mitnick's attack on Tsutomu Shimomura's system in
    1994
  • Used SYN flooding (to silence the trusted host) and
    TCP hijacking via IP spoofing

16
Mitnick Attack
[Diagram: Attacker, Trusted Host and Target; the attacker floods the Trusted Host and impersonates it towards the Target]
17
What Did He Get?
  • Caught in 1995
  • 25-count federal indictment for allegedly copying
    proprietary software from the computers of
    cellular telephone manufacturers (Computer fraud)
  • 46 months and three years probation
  • Released 21 Jan 2000
  • Cannot have anything to do with a PC until 20 Jan
    2003

18
How to Tighten-up
  • Firewalls
      • monitor network traffic at the point of
        connection to external networks
      • allow or refuse traffic based on a set of rules
      • restrict the set of services that are allowed to
        cross the firewall (in either direction)
  • IDS
      • intrusion detection systems
      • monitor network traffic at the point of
        connection to external networks and/or within
        local networks
      • monitor the traffic flows looking for malicious
        use of the network services
      • raise alarms on the detection of misuse

19
How to Tighten-up
  • There are newer, more secure protocols to use at
    many layers of the protocol stack
  • SSH
      • secure shell - replaces telnet and ftp; encrypts the
        password exchange and the whole session
  • IPSec
      • secures IP headers and payload, providing integrity
        and confidentiality services between hosts
  • SSL
      • Secure Sockets Layer (superseded by TLS) - PKI-based
        authentication and key management services to secure a
        host-to-host connection
  • VPN
      • virtual private networks - secure gateways
        provide integrity and confidentiality services
        between networks

20
Firewall
  • Refuse
      • malformed packets
      • services considered unsafe
      • services which should not be available
      • packets that do not belong to a legitimate
        connection
  • Add
      • extra authentication services and rules to
        existing protocols
21
Intrusion Detection System - IDS
[Diagram: internet - Firewall - internal network, with an IDS on each side of the Firewall and an Attacker on the internet side]
  • Monitor
      • traffic that looks like scanning attempts
      • traffic that should not legitimately be carried
        on the internal network
      • signatures of well known attacks
      • changes in patterns of user activity
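Slides 18, 20 and 21 list what a firewall refuses and what an IDS watches for. The code below is an added example, not part of the original slides: a toy stateful filter and a toy IDS run over a constructed trace containing one legitimate outbound web session, a port scan, a SYN flood from spoofed sources, one packet arriving from outside with an internal source address, and one SYN + FIN packet. The packet-dict shape, the interface names, the allowed-service list and the alarm thresholds are assumptions of this example.

```python
"""Toy stateful packet filter (slide 20) and IDS (slide 21).

Added example, not from the original slides. Packets are plain dicts
constructed below; the field names, interface names, the allowed-service
list and the alarm thresholds are assumptions of this example.
"""
from collections import defaultdict

ALLOWED_INBOUND = {22, 443}   # services allowed in from the internet (assumed)
INTERNAL_PREFIX = "10.0.0."   # our address space (assumed)
SCAN_THRESHOLD = 5            # distinct ports probed by one source
SYN_FLOOD_THRESHOLD = 20      # distinct sources SYNing one target port


def pkt(src, sport, dst, dport, flags, iface="external"):
    """One packet as seen on 'iface' (external = arriving from the internet)."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": frozenset(flags), "iface": iface}


def firewall(packets):
    """Refuse malformed packets, services not offered, spoofed internal
    addresses, and inbound packets that belong to no connection an inside
    host opened. Returns (passed, refused); refused entries carry a reason."""
    established = set()       # (src, sport, dst, dport) opened from inside
    passed, refused = [], []
    for p in packets:
        f = p["flags"]
        if {"SYN", "FIN"} <= f:
            refused.append((p, "malformed: SYN+FIN"))
            continue
        if p["iface"] == "internal":
            if f == {"SYN"}:
                established.add((p["src"], p["sport"], p["dst"], p["dport"]))
            passed.append(p)                   # outbound traffic is allowed
            continue
        if p["src"].startswith(INTERNAL_PREFIX):
            refused.append((p, "spoofed internal source address"))
        elif (p["dst"], p["dport"], p["src"], p["sport"]) in established:
            passed.append(p)                   # reply to a connection opened inside
        elif f == {"SYN"} and p["dport"] in ALLOWED_INBOUND:
            passed.append(p)                   # new connection to a service we offer
        elif p["dport"] not in ALLOWED_INBOUND:
            refused.append((p, "service not offered"))
        else:
            refused.append((p, "not part of a legitimate connection"))
    return passed, refused


def ids(packets):
    """Raise alarms for scans, SYN floods, a known-bad signature and traffic
    that should not be on the wire. Returns a list of (kind, detail)."""
    alarms = []
    ports_by_src = defaultdict(set)
    syn_sources_by_target = defaultdict(set)
    for p in packets:
        f = p["flags"]
        if p["iface"] == "external" and p["src"].startswith(INTERNAL_PREFIX):
            alarms.append(("spoofed internal address from outside", p["src"]))
        if {"SYN", "FIN"} <= f:                # classic scanner fingerprint
            alarms.append(("signature: SYN+FIN", p["src"]))
        if "SYN" in f and "ACK" not in f:      # connection attempts only
            ports_by_src[p["src"]].add(p["dport"])
            syn_sources_by_target[(p["dst"], p["dport"])].add(p["src"])
    for src, ports in ports_by_src.items():
        if len(ports) >= SCAN_THRESHOLD:
            alarms.append(("port scan", src))
    for (dst, port), srcs in syn_sources_by_target.items():
        if len(srcs) >= SYN_FLOOD_THRESHOLD:
            alarms.append(("SYN flood", f"{dst}:{port}"))
    return alarms


def sample_trace():
    """Constructed trace for the demo (not captured traffic)."""
    t = [pkt("10.0.0.7", 40000, "203.0.113.10", 443, ["SYN"], "internal"),
         pkt("203.0.113.10", 443, "10.0.0.7", 40000, ["SYN", "ACK"]),
         pkt("10.0.0.7", 40000, "203.0.113.10", 443, ["ACK"], "internal")]
    for port in (21, 23, 25, 80, 110, 143):                # port scan
        t.append(pkt("198.51.100.9", 50000 + port, "10.0.0.2", port, ["SYN"]))
    for i in range(25):                                     # SYN flood, spoofed sources
        t.append(pkt(f"192.0.2.{i + 1}", 1024 + i, "10.0.0.5", 513, ["SYN"]))
    t.append(pkt("10.0.0.5", 1023, "10.0.0.2", 513, ["SYN"]))          # inside address, outside iface
    t.append(pkt("198.51.100.9", 777, "10.0.0.2", 22, ["SYN", "FIN"]))   # malformed
    return t


if __name__ == "__main__":
    trace = sample_trace()
    ok, bad = firewall(trace)
    print(len(ok), "passed,", len(bad), "refused")
    for kind, detail in ids(trace):
        print("ALARM:", kind, detail)
```

Note the division of labour the slides describe: the firewall decides per packet and says nothing about why a host sent 25 SYNs, while the IDS keeps state across packets and raises the alarm, but blocks nothing on its own.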
22
TEACHING POINTS
  • Trojans
  • TCP/IP vulnerabilities
  • Mitnick attack
  • firewalls
  • IDS
  • IPSEC, SSL, VPN