Internet and Network Security

1
Internet and Network Security

• Introduction to Network Security

2
Internet and Network Security

• What you should be able to do
• Describe the types of security attacks
• Identify the scope of the security problems
• Identify the need for establishing a security
  policy
• Identify the need to establish a required point
  of access for security purposes

3
Overview

• Internet overview
• Describe the types of security attacks
• Identify the scope of the security problems
• Identify the need for establishing a security
  policy
• Identify the need to establish a single point of
  access for security purposes

4
What is the internet ?

• 50 Million Plus users
• e-mail
• Usenet
• WWW
• Info super-highway
• e-commerce
• Collection of networks

5
How the internet is Funded in the US

• Internet Services Provider (local)
• National Service Provider
• Educational or Research Networks
• Regional or State Networks
• Commercial Backbone Networks
• Network Access Points

6
Internet Security

• Prevents unauthorized network access to resources
• Authorizes own personel to use the Internet
• Increasing use of cryptography to insure
• - Privacy
• - Authentication
• - Integrity
• Complements system security

7
Types of Attacks

• Intrusion
• Gaining Access
• Using the System
• Denial of Service
• Preventing the use of resources
• Sabotage
• Flooding a service or system
• Information theft
• Sniffing

8
The Magnitude of Security Problems

• US Governement
• The US DOD expereinced 260,000 computer system
  attacks last year. In nearly two-thirds of the
  cases, attackers gained entry to the agencys
  computer networks, according to a report by the
  Rand Corp. IEEE Computer July 1996
• Private Industry
• - According to a survey of 1,320 companies by
  Information Week/Ernst Young
• 78 lost money from security breaches
• 63 suffered losses from viruses
• 32 lost money from inside hasckers
• 73 have no more than three people on secuirty
• Information Week, October 21, 1996

9
Dont Forget

• 80 of break-ins are with passwords
• Poor System Configuration
• File system protection
• Physical security
• Internal Security
• Tapes, Floppies
• Modem Access

10
Security Policy

• Set of Rules
• What is the proper use of resources
• Follows from the organizational needs
• Determines firewall design
• Management should issue a security policy
• Get RFC 1244 Site Security Handbook

11
Providing Controlled Access Point

• Providing Controlled Access Point

Firewall
Internet
Corporate ip Network
12
TCP/IP Protocols Overview

• What this section is about
• This section review the TCP/IP protocol headers
  and their exposure in terms of security
• What you should be able to do
• Describe the following concepts in relation to
  security
• Layering
• Physical Layer
• IP Layer
• IP routing
• ICMP

13
TCP/IP Protocols and Layers
Applications Transport Internet Network
Interface and Hardware
Applications TCP/UDP IP ICMP
ARP/RARP Network Interface and Hardware
14
Layering Example TFTP

• In each layer the payload contains a header and
  the payload of the layer above. The TFTP data
  contains for example 400 bytes of file data. The
  application protocol adds a TFTP header, which is
  4 bytes large. TFTP uses UDP, so UDP header is
  presented. A UDP header is 8 bytes large. The IP
  header adds another 20 bytes. Finally, an
  Ethernet header and trailer are added. Those are
  14 and 4 bytes large. If an IP packet arrives
  whose length is smaller than the combined length
  of all higher headers, the packet is of no use.
  If this happens as a result of some malicious
  intent, this is called the tiny fragment
  attack

File data
tftp
udp
ip Header
Ethernet header
Ethenet trailer
15
IP Header
Version Length Type of Service Total
Length Identification
Flags Fragment Offset TTL
Protocol Header Checksum
Source IP Address
Destination
Address Options
16
IP Options

• Intended for special handling above and beyond
  typical situations
• Many options obsolete
• Field is typically empty
• Source routing option specifies route instead of
  routers
• - Theory useful in broken routing
  environment
• - Practice used by hackers to circumvent
  security measures
• Recommendation drop packets with IP option set

17
IP Adresses
A Less than 128
B From 128 to 191
C From 192 to 223
18
Fragmentation

• DF dont fragment
• MF more fragments
• Accommodates dissimilar networks
• Fragment as you go
• Copy IP header, ID, and compute new (relative)
  offset
• Reassemble redone at the destination system using
  
• Source address
• ID
• Offset, last fragment has MF0
• Proceeding process is CPU intensive

19
IP Forwarding

• Routers manage internal routing tables
• Each datagram inspected by router for destination
  address
• Router searches Database to determine which
  interface to forward the datagram

20
IP Forwarding Principles

• Each packet is forwarded separately
• Many hops form router to router
• Router forwards IP packet to next hop
• Based on routing table
• Packets may be fragmented
• Reassembly done by
  destination host
• Router overload - packet is dropped
• TTL - Time to Live field avoids infinite loops
  (decreased at each hop)

21
Routing Protocols

• Every router knows optimal path through network
• This is used to compute the routing table
• Routing protocols distribute routing information
• RIP (Routing Information Protocol)
• OSPF (Open Shortest Path First)
• Risk - your router is sent false routing
  information
• Dont allow any routing protocol through firewall
• Firewall uses static routing

22
ICMP Messages Internet Control Message Protocol
Network error messages do not make IP more
reliable Essential when diagnosing network
problems Each Message includes a type field and
related code field Threat - bogus ICMP messages
or broadcast storms when something is wrong
23
ICMP Messages
Message type Message type 3 code
o echo reply 0
Net unreachable 3 Dest
unreachable 1 Host unreachable
4 Source quench 2
Protocol unreachable 5 Redirect
3 Fragment needed and DF

set 6 Echo
5 Source route failed
9 Router advertisement
10 Router solicitation 11 Time
exceeded 12 Parameter problem
13 Timestamp 15
Information request 16 Information
Reply
24
Port Mutiplexing
Named 53
Telenet 23
Sendmail 25
Httpd 80
UDP
TCP
IP
Data link physical
25
Socket Interface

• Socket interface to TCP/IP
• Socket system call
• Create, bind to address
• Use file descriptor such as read, write,
  close
• TCP Connection
• Localhost, local port
• Remotehost, remoteport

26
TCP Reliable Connection

• Detection of lost data, or dat received twice
• Retransmissions of lost IP packets
• Sequence number in TCP header
• Each byte is numbered and acknowledged
• ACK (sequence number) in every packet
  except the first
• Retransmissions of lost IP packets
• Flow Control
• Window size
• Number of permitted outstanding (non
  acknowledged) bytes

27
Client/Server Applications with TCP

• Server (daemon) listens on a socket (port)
• Client connects to that port
• TCP three way handshake
• SYN
• SYN, ACK
• ACK
• Establishes a connection
• Bi-directional connection
• Parties can read/write from/to socket

28
Name Services (DNS)

• www.company.com gt 123.45.67.89
• telnet host.company.com
• mail user_at_relay.company.com
• UDP- basedvulnerable
• Exposed internal configuration