Cpre 532 - PowerPoint PPT Presentation

Provided by: jamestruc

Transcript and Presenter's Notes

Title: Cpre 532


1
Cpre 532
  • Lecture 15

2
Overview
  • Internal Services

3
FTP
User Interface
Control port 21
Protocol
Data port 21
Data Transfer
4
Security Issues for FTP
  • Password is in clear text
  • Easier than Telnet: the password is in one packet
  • No secure user-to-host authentication
  • No host-to-host authentication
  • The entire session is in clear text
  • The server can be a rogue server, sending out viruses
  • Trojan horses
  • Brute force passwords

5
User Issues
  • .netrc (Unix) allows one to create a file with the
    following syntax:
  • machine HOST login NAME password PASSWORD
  • This is a trust relationship; hackers look for
    these files to break into more computers
  • PC and Mac clients store the username and password
    in many different files: same vulnerability as
    UNIX

6
Anonymous FTP
  • An FTP server that is usually dispensing public
    information and doesn't want to limit access
  • An FTP server that anyone can log in to: the login is
    anonymous, any password will work, no
    authentication
  • Owned and managed by root

7
Setting Up FTP
  • The ftp user needs a login; make its shell /bin/true
  • If someone tries the su command they can get a
    root shell
  • Make directory /home/ftp with mode 555 (r-xr-xr-x)
  • Under that directory make a bin directory with mode --x--x--x
  • In bin, add ls with mode --x--x--x
  • Make an etc directory and put a password file in it
  • Make a pub directory, which contains .forward and .rhosts,
    and use r-xr-xr-x

8
Demonstration
  • FTP demonstration on file access

9
Setting Up FTP cont
  • One can log many events
  • Who logged in, what IP
  • What files did one download
  • Look for files that are hidden
  • These files get hidden from user
  • _._ These also get hidden from user

10
NFS
  • Network File System, created by Sun in the 1980s.
  • Designed to allow file sharing so that a user can
    log on to any machine and have their home directory

(Diagram labels: User, Client, Server, NFS)

11
Design of NFS
  • NFS is a stateless machine; every request is
    independent
  • This simplifies the server; it is based not on TCP but on
    the UDP protocol

Diagram (Client and Server):
  • Lookup File
  • Gives Handle
  • Use Handle to read, write, remove, rename, link,
    remove dir, etc.

12
Stack
  • NFS
  • RPC: Remote Procedure Call makes networking look like
    function calls
  • XDR: hides information like byte order, floating
    point, etc.
  • UDP

13
Auth_Unix
  • Client User Credentials
  • Host name, user id, group id
  • There is a secure NFS which uses Diffie-Hellman
    key exchange

14
NFS workings
  • Client Server
  • /home/issl /home/issl
  • /etc
  • /bin
  • These files need to have the same UID and GID
  • We need a uniform UID space, which is handled by a
    common password file
  • What to do with Root?
  • By default Root has less access than a normal
    user account in NFS, and can only go where the world
    can go
  • Root is UID 0 on a normal system, but on NFS UID ->
    -2
  • Basically if you are privileged on one computer
    you are not privileged on another
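
The AUTH_UNIX credential and the root mapping from the two slides above, as an added example that is not part of the original lecture: a Python decoder for the XDR credential body (stamp, host name, UID, GID, group list) with the UID 0 -> -2 mapping applied on the server side. The field layout follows the standard RPC definition of AUTH_UNIX; the sample bytes, the host name client1 and the value 65534 for -2 are assumptions made for the example.

```python
import struct

NOBODY = 65534  # assumption: -2 written as a 16-bit UID ("nobody")

def parse_auth_unix(body: bytes) -> dict:
    """Decode the XDR body of an AUTH_UNIX credential (big-endian, 4-byte units)."""
    off = 0

    def u32() -> int:
        nonlocal off
        if off + 4 > len(body):
            raise ValueError("truncated credential")
        (value,) = struct.unpack_from(">I", body, off)
        off += 4
        return value

    stamp = u32()
    name_len = u32()
    padded = (name_len + 3) & ~3          # XDR pads strings to a multiple of 4
    if name_len > 255 or off + padded > len(body):
        raise ValueError("bad machinename length")
    machinename = body[off:off + name_len].decode("ascii", "replace")
    off += padded
    uid, gid = u32(), u32()
    count = u32()
    if count > 16:
        raise ValueError("more than 16 supplementary gids")
    gids = [u32() for _ in range(count)]
    if off != len(body):
        raise ValueError("trailing bytes after credential")
    return {"stamp": stamp, "machinename": machinename,
            "uid": uid, "gid": gid, "gids": gids}

def squash_root(cred: dict) -> dict:
    """Server-side mapping from the slide: a client-supplied UID 0 becomes -2."""
    squashed = dict(cred)
    if squashed["uid"] == 0:
        squashed["uid"] = NOBODY
    return squashed

# Constructed sample credentials (not captured traffic): host "client1".
ROOT_CRED = bytes.fromhex("00000001" "00000007" "636c69656e743100"
                          "00000000" "00000000" "00000001" "00000000")
USER_CRED = bytes.fromhex("00000002" "00000007" "636c69656e743100"
                          "000003e8" "00000064" "00000000")

if __name__ == "__main__":
    for raw in (ROOT_CRED, USER_CRED):
        cred = parse_auth_unix(raw)
        print(cred["machinename"], cred["uid"], "->", squash_root(cred)["uid"])
```

The server takes every field exactly as the client sent it, which is why the root mapping has to be applied on the server.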

15
NFS Mounting
  • File systems are mounted on the root directory
    tree
  • Mounting means linking into the file system
  • To mount file systems:
  • mount -t nfs machine:/FS /NFS/XYZ
  • By default

(Diagram labels: UID, GID, Server, Client, Handle)

16
Next Time
  • PCs and network file systems
  • X windows

17
Questions