TCPIP from a Security Standpoint - PowerPoint PPT Presentation

Slides: 19
Provided by: Dic972

1
TCP/IP from a Security Standpoint
  • CS-480b
  • Dick Steflik

2
TCP/IP Guru-ism
  • You don't have to know all of the details
  • You do need to know your system
    • What services it is providing
    • What protocols are involved
    • What vulnerabilities it has
    • How to minimize the risks

3
Why TCP/IP ?
  • Packet based
  • Provides decentralized control
  • Devices are peers
  • It's routable
  • Independent of transmission medium
  • Open standard
  • Free
  • Robust
  • Flexible
  • Pragmatic

4
Physical Layer
  • Three major categories based on connection
    behavior
    • Dial-up
      • temporary point-to-point
    • WAN and MAN
      • permanent point-to-point
    • LAN
      • two or more devices communicating over a shared
        broadcast medium

5
Dial-up
  • Dial-up (and modems)
    • Temporarily connected point-to-point
    • uses telephone infrastructure
    • audio frequency modems
  • Vulnerabilities
    • Cannot provide physical security along the entire
      communications path
    • Cables are usually run through public
      infrastructure, making physical security almost
      impossible
      • Peel back the insulation on the wire and connect
        alligator clips
    • Telephone connection panels in the basements of
      buildings
      • Easy to just clip on to the connections
      • Punch panels
      • Screw terminal connections

6
WAN and MAN
  • WAN and MAN
    • Constantly connected point-to-point
    • uses telephone backbone, microwave, radio, fiber
      optic
    • dedicated digital leased lines
    • specially conditioned telephone lines (guaranteed
      quality)
    • 56 Kbps - 9.95 Gbps
      • T1 - 56 Kbps
      • T2 - 6.312 Mbps
      • T3 - 44.736 Mbps
      • OC1 - 51.84 Mbps
      • OC48 - 2488 Mbps
      • OC192 - 9.95 Gbps
    • CSU/DSU - Carrier Set Unit / Data Set Unit
      (connection device)
    • can be routed like a layer 3 protocol

7
WAN and MAN (more)
  • Vulnerabilities
    • Because much is done using radio and microwave
      links, interception by a third party is pretty
      easy (especially radio); laser communication is
      harder to intercept but is overall less reliable
      due to environmental issues
  • Remedy
    • Encrypt the data before placing it on unsecured
      links like radio, microwave or laser

8
LAN
  • Two or more network devices communicating over a
    shared broadcast medium
    • local area, shared communications medium
    • Ethernet, Token-ring, FDDI
  • Vulnerabilities
    • Because much is done using radio and microwave
      links, interception by a third party is pretty
      easy (especially radio); laser communication is
      harder to intercept but is overall less reliable
      due to environmental issues
  • Remedy
    • Encrypt the data before placing it on unsecured
      links like radio, microwave or laser

9
Dial-up
  • Temporary connections
    • Established as needed
  • Cannot provide physical security along the entire
    communications path
  • Cables are usually run through public
    infrastructure, making physical security almost
    impossible
    • Peel back the insulation on the wire and connect
      alligator clips
  • Telephone connection panels in the basements of
    buildings
    • Easy to just clip on to the connections
    • Punch panels
    • Screw terminal connections

10
Modems
  • Convert low speed digital signals to audio or
    phase encoded signals for transmission through
    the public access telephone system
  • Most consumer modems work over unconditioned
    analog lines on the public access telephone
    system
  • Vulnerabilities
    • Because of the public access, hard to secure
      against physical tampering
    • Tap on with another modem and listen as the data
      goes by
  • Remedy
    • Encrypt data on the computer side of the sending
      and receiving modems

11
ISDN
  • Integrated Services Digital Network
  • a system of digital phone connections that allows
    data to be transmitted simultaneously across the
    world using end-to-end digital connectivity
  • Available for > 10 years
  • Data is sent digitally, unlike modems
  • Uses a Terminal Adapter rather than a modem
  • Must be within 18,000 ft. of telco facilities
    • > 18,000 ft. requires expensive repeaters
  • 16 or 64 kbps depending on service type
  • Vulnerabilities
    • Same as modems: physical security
  • Remedy
    • encryption

12
Data Link Layer
  • IEEE views the OSI Data Link Layer as 2 layers
    • Media Access Control (MAC) Sublayer
      • Translates generic network requests into device
        specific terms
    • Logical Link Control (LLC) Sublayer
      • Provides the operating system link to the device
        driver

13
Media Access Control
  • This is the actual device driver that controls
    the NIC
    • Reporting of and setting of device status
    • Packaging of outgoing data from the LLC layer
    • Sending of outgoing data
    • Receiving of incoming data
    • Unpacking of incoming data, error checking and
      passing data to the LLC layer
  • MAC addresses are burned into the NIC and should
    be globally unique (by OEM agreement)
  • But they are of local scope to the LAN: LAN
    protocols like Ethernet and Token-ring have no
    provisions to pass data from one LAN to another,
    so a LAN should always see unique MAC addresses

14
Ethernet
  • Framing
    • 6 byte Destination address (MAC address)
    • 6 byte Source address (MAC address)
    • 2 byte type (of packet in payload)
      • 0800 IP Datagram (46-1500 bytes)
      • 0806 ARP packet (28 bytes of data + 18 bytes of
        padding)
      • 0835 RARP packet (28 bytes of data + 18 bytes of
        padding)
    • 4 byte CRC
  • Remember, the Ethernet information will always
    stay local to the LAN; it's the IP, ARP or RARP
    packet that will move it from LAN to LAN and
    across the Internet

15
PPP
  • Designed to support multiple network types over
    the same serial link
  • Supersedes SLIP (Serial Line Internet Protocol)
  • Framing
    • 5 byte header
      • 7E FF 03 (constant)
      • 2 byte type field
        • 0021 IP Datagram
        • C021 Link control packet
        • 8021 Network control data
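As an added example (not part of the slides), a small Python parser for the two framings described on the Ethernet and PPP slides: it splits an Ethernet II frame into addresses, type and payload, verifies the 4-byte CRC, and checks the constant 7E FF 03 PPP header before dispatching on the 2-byte protocol field. The build_ethernet helper and the sample addresses and ARP body are constructed for the demo; RARP is keyed under its registered EtherType 0x8035.

```python
import struct
import zlib

# Type values from the slides. The slide lists RARP as 0835; the
# registered EtherType for RARP is 0x8035, which is what is used here.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}
PPP_PROTOCOLS = {0x0021: "IP", 0xC021: "LCP", 0x8021: "IPCP (network control)"}
ETH_MIN_PAYLOAD = 46  # a 28-byte ARP/RARP packet is padded up to 46 bytes

def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame into dst, src, type, payload and FCS check."""
    if len(frame) < 14 + ETH_MIN_PAYLOAD + 4:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    payload, fcs = frame[14:-4], frame[-4:]
    # The FCS is CRC-32 over everything before it, sent low byte first.
    fcs_ok = struct.unpack("<I", fcs)[0] == zlib.crc32(frame[:-4])
    return {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "type": ETHERTYPES.get(etype, f"unknown(0x{etype:04x})"),
        "payload_len": len(payload), "fcs_ok": fcs_ok,
    }

def parse_ppp(frame: bytes) -> dict:
    """Check the constant 7E FF 03 header, then read the 2-byte protocol."""
    if frame[:3] != b"\x7e\xff\x03":
        raise ValueError("not a PPP frame: flag/address/control mismatch")
    proto = struct.unpack("!H", frame[3:5])[0]
    return {"protocol": PPP_PROTOCOLS.get(proto, f"unknown(0x{proto:04x})"),
            "payload": frame[5:]}

def build_ethernet(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    """Constructed-frame helper for the demo: pad to 46 bytes, append FCS."""
    padded = payload + b"\x00" * max(0, ETH_MIN_PAYLOAD - len(payload))
    body = dst + src + struct.pack("!H", etype) + padded
    return body + struct.pack("<I", zlib.crc32(body))

if __name__ == "__main__":
    # Constructed sample: a broadcast ARP frame carrying a 28-byte ARP body.
    arp_body = b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20
    frame = build_ethernet(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01", 0x0806, arp_body)
    print(parse_ethernet(frame))
    print(parse_ppp(b"\x7e\xff\x03\xc0\x21" + b"\x01\x01\x00\x04"))
```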

16
Link Establishment Subversion
  • A hacker can use call forwarding to forward an
    incoming call to the hacker's phone number
  • Since Windows supports other network protocols
    (NetBEUI, IPX, IP over PPP), the hacker can then
    attempt to use one of those protocols to break
    into the calling machine
  • Dial-up connections via cell phones can be
    hijacked right out of the air with a proper
    receiver
    • Harder to do with digital cell phones

17
Media Access Subversion
  • It's up to the MAC to reject all but the packets
    destined for that machine; a hacker can put their
    MAC/NIC into promiscuous mode and receive all
    packets on the LAN
  • Most device drivers don't support this mode, so to
    do this a new device driver must be introduced
  • It's a good idea, every once in a while, to scan
    all of the machines on your network looking for
    any machines that might be running promiscuously
    • Find out why they are running in promiscuous mode
    • Fix it
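An added example (not from the slides) of the periodic promiscuous-mode check the slide recommends, for Linux hosts: the kernel exposes each interface's flags in /sys/class/net/<iface>/flags as a hex value, and bit 0x100 (IFF_PROMISC) is set while the NIC is in promiscuous mode. The sysfs_root parameter is an assumption added so the scan can be pointed at a copy of the tree; the interface names in the comments are constructed.

```python
import os

IFF_PROMISC = 0x100  # set in /sys/class/net/<iface>/flags while promiscuous

def is_promiscuous(flags_text: str) -> bool:
    """flags_text is the hex string the kernel exposes, e.g. '0x1103\\n'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def scan_interfaces(sysfs_root: str = "/sys/class/net") -> dict:
    """Return {iface: True/False} for every interface under sysfs_root."""
    states = {}
    for iface in sorted(os.listdir(sysfs_root)):
        path = os.path.join(sysfs_root, iface, "flags")
        if not os.path.isfile(path):
            continue  # e.g. bonding_masters is not an interface directory
        with open(path) as fh:
            states[iface] = is_promiscuous(fh.read())
    return states

def needs_followup(states: dict) -> list:
    """Interfaces to ask 'why is this promiscuous?' about (e.g. ['eth0'])."""
    return [name for name, promisc in states.items() if promisc]

if __name__ == "__main__":
    flagged = needs_followup(scan_interfaces())
    print("promiscuous interfaces:", flagged or "none")
```

The flag reflects what the kernel reports, so a replaced driver could hide it; run the check from each host (for example via a management agent) to get the network-wide view the slide asks for, then follow up on every hit.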

18
Logical Link Control
  • OS control of the Device Driver
    • Multiple instances of driver for multiple NICs
    • Multiple Device drivers for different kinds of
      devices
  • Windows NDIS
  • UNIX character mode device specification