Securing Network Services - PowerPoint PPT Presentation

About This Presentation

Title: Securing Network Services

Description: Title: Securing Network Services Author: Timothy J. Shimeall Last modified by: Timothy J. Shimeall Created Date: 11/6/2003 9:30:31 PM Document presentation format – PowerPoint PPT presentation

Slides: 17
Provided by: TimothyJ78

Transcript and Presenter's Notes

1
Securing Network Services
2
How TCP Works
  • Set up connection between a port on the source host and a
    port on the destination host
  • Each connection consists of a sequence of numbered
    packets, with source (port, address), destination
    (port, address) and flags
  • First packet SYN (synchronize sequence numbers)
  • Response packet - SYN ACK
  • Thereafter ACK
  • Last packet FIN ACK
  • Ports are associated with services
    • 21 - FTP
    • 25 - e-mail
    • 80 - HTTP
    • many, many more
  • Based on client-server model
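An added example, not part of the slides: a small tracker that replays the flag sequence just described (SYN, SYN-ACK, ACK, then FIN-ACK from each side) per connection and reports connections that never completed the handshake or that carried flags fitting no state. The packets, addresses and ports are constructed sample data.

```python
# Constructed sample: (src_ip, src_port, dst_ip, dst_port, flags), in arrival order
SAMPLE_PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 80, "SYN"),       # full handshake, then close
    ("10.0.0.9", 80, "10.0.0.5", 40001, "SYN-ACK"),
    ("10.0.0.5", 40001, "10.0.0.9", 80, "ACK"),
    ("10.0.0.5", 40001, "10.0.0.9", 80, "FIN-ACK"),
    ("10.0.0.9", 80, "10.0.0.5", 40001, "FIN-ACK"),
    ("10.0.0.7", 40002, "10.0.0.9", 25, "SYN"),       # never answered
    ("10.0.0.7", 40003, "10.0.0.9", 21, "SYN"),
    ("10.0.0.9", 21, "10.0.0.7", 40003, "SYN-ACK"),   # client never completes
    ("10.0.0.8", 40004, "10.0.0.9", 80, "ACK"),       # ACK with no prior SYN
]

# Legal transitions (current state, flags) -> next state, following the slide's
# SYN / SYN-ACK / ACK ... FIN-ACK sequence; a FIN-ACK from each side closes it.
TRANSITIONS = {
    ("CLOSED", "SYN"): "SYN_SENT",
    ("SYN_SENT", "SYN-ACK"): "SYN_RECEIVED",
    ("SYN_RECEIVED", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "FIN-ACK"): "FIN_WAIT",
    ("FIN_WAIT", "ACK"): "FIN_WAIT",
    ("FIN_WAIT", "FIN-ACK"): "CLOSED",
}

def conn_key(src_ip, src_port, dst_ip, dst_port):
    """Order the endpoints so both directions of a connection share one key."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (a, b) if a <= b else (b, a)

def track(packets):
    """Replay packets; return {conn_key: state}, marking out-of-order flags INVALID."""
    states = {}
    for src_ip, src_port, dst_ip, dst_port, flags in packets:
        key = conn_key(src_ip, src_port, dst_ip, dst_port)
        cur = states.get(key, "CLOSED")
        states[key] = TRANSITIONS.get((cur, flags), "INVALID:%s@%s" % (flags, cur))
    return states

def half_open(states):
    """Connections that never finished the handshake; many of these is worth a look."""
    return sorted(k for k, s in states.items() if s in ("SYN_SENT", "SYN_RECEIVED"))

def invalid(states):
    """Flag combinations that fit no state (e.g. ACK with no SYN); worth investigating."""
    return sorted(k for k, s in states.items() if s.startswith("INVALID"))
```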

3
How UDP works
  • Unreliable (not guaranteed) delivery of information
    between systems -- no acknowledgement
  • Ports for UDP services
    • Port 123 -- Network Time
    • Port 53 -- DNS
    • Port 69 -- TFTP
    • Port 514 -- Syslog
    • Port 517 -- Talk
  • Based on stateless distribution of information

4
Application Services
  • Domain Name Service (DNS) -- TCP/UDP
    • Replaced /etc/hosts files
    • Tree-structured query system
    • Replies -- either answer or reference to more
      refined domain
  • Mail -- TCP (port 25)
  • FTP -- file transfer protocol -- TCP
  • HTTP -- World Wide Web -- TCP

5
TCP/IP Services
  • Many have security risks
    • Ways to access your computers
    • Information on your computers and your users
  • Can block them all (paranoid approach)
  • More often -- keep some, block others
  • Blocking method -- firewalls

6
General Points
  • Will discuss a variety of services with security
    implications
    • Not a full list of internet services
    • Not a full list of security problems
  • Administrators need to understand implications
    before offering a service
    • CERT advisories
    • Configuration options
    • Prudent attitude

7
User Education
  • Suspicious network behavior
  • Suspicious user behavior
  • Who to contact
  • When to contact
  • Exercises

8
Web
  • WWW - World Wide Web
  • System for automated information exchange
  • Allows rapid access to flexibly-presented
    information
  • Well over 50% of Internet traffic
  • Presentation options
    • Formatted hypertext
    • Bitmap graphics
    • Program execution (CGI scripts, applets, etc.)
    • Audio
    • Movies
    • Many more

9
WWW Threats
  • Exploitation of server or script bugs
  • Disclosure of unauthorized information
  • Interception of confidential information
  • Information loading from web client by rogue
    server
  • Dependence on licensed software

10
WWW Risky Options
  • Server-side includes
  • Sending email from server
  • Accessing PERL on server
  • Spawning sub-processes
  • Calling scripts outside of controlled directories
  • Mixing HTTP and anonymous FTP

11
WWW Access Control
  • Configure scripts to be read and executed only by
    server
  • Use prudent access to exported files
  • Don't use per-directory access files
  • Use certified public keys for access
  • Use server-side password for access

12
WWW Privacy
  • Network-side
    • Link encryption
    • Document encryption
    • Secure Socket Layer
    • Secure HTTP
    • All subject to limitations on encryption
  • Log files
    • Restrict access
    • Don't retain on server machine
    • Use syslogd
    • Warn users about logging

13
Web Browsers
  • Executing code from the net
  • Trusting vendors / Licensing
  • Dependence on third parties

14
RPC
  • Remote Procedure Call
    • Calling program calls client code and waits
    • Client code bundles parameters into message to
      server (XDR - external data representation)
    • Server executes call with supplied data,
      returning result in message to client code
    • Client code returns result to calling program
  • Requires
    • Client knowing server
    • Client and server agree on communication
      (portmapper)
  • Authentication
    • Auth_none - live fast, die young
    • Auth_UNIX - UID/GID authentication (trust client)
    • Auth_DES - secret/public key authentication
      (Diffie-Hellman key exchange, DES encryption)
    • Auth_KERB - Kerberos authentication

15
Kerberos
  • Produced for MIT Project Athena
  • Authenticates
    • User to client and server
    • Client to server
    • Server to client
  • Centralized and stateless
  • Passwords stored unencrypted on central server
    • Never transmitted across network

16
Kerberos Protocols
  • Login
    • User enters username and password
    • Client sends username and current time encrypted
      with password
    • Server decrypts information and verifies valid
      user
    • Returns session key encrypted with user password
  • Service request
    • Client sends request to ticket-granting server,
      encrypted with session key
    • TGS responds with identity of server and an encrypted
      ticket, all encrypted with session key
    • Client passes encrypted ticket to server with
      client IP and username
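An added example, not from the slides and not real Kerberos code: the login and service-request exchange above carried through end to end, with the central server checking that the timestamp is fresh (otherwise a captured login message could simply be replayed) and the service checking that the ticket's username and client IP match what the client presented. The user database, server key, service name and the toy hash-based cipher are assumptions made for the example; a real KDC uses a proper string-to-key function and cipher.

```python
import hashlib, hmac, json, os, time

def derive_key(secret):  # toy string-to-key; a real KDC uses a proper KDF
    return hashlib.sha256(secret.encode()).digest()

def _keystream(key, nonce, n):  # toy cipher support, not a real cipher
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def encrypt(key, obj):
    """Toy authenticated encryption of a JSON object: nonce || ct || HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed KDC state: passwords held centrally (as the slide says), never sent on the wire
USERS = {"alice": "correct horse battery"}
SERVER_KEYS = {"fileserver": derive_key("fileserver-secret")}  # shared with the TGS
SESSIONS, CLOCK_SKEW = {}, 300

def kdc_login(username, login_blob, now):
    """Login: decrypt with the stored password; reject stale or mismatched timestamps."""
    msg = decrypt(derive_key(USERS[username]), login_blob)  # wrong password -> ValueError
    if msg["user"] != username or abs(msg["time"] - now) > CLOCK_SKEW:
        raise PermissionError("stale or mismatched login")
    SESSIONS[username] = os.urandom(32)
    return encrypt(derive_key(USERS[username]), {"session": SESSIONS[username].hex()})

def tgs_request(username, req_blob):
    """Service request: name the server and issue a ticket only that server can open."""
    req = decrypt(SESSIONS[username], req_blob)
    ticket = encrypt(SERVER_KEYS[req["service"]], {"user": username, "addr": req["addr"]})
    return encrypt(SESSIONS[username], {"server": req["service"], "ticket": ticket.hex()})

def server_accept(service, ticket_hex, client_ip, username):
    """Server: open the ticket with its own key; the IP and username must match."""
    t = decrypt(SERVER_KEYS[service], bytes.fromhex(ticket_hex))
    return t["user"] == username and t["addr"] == client_ip

def client_flow(username, password, client_ip, service, now=None):
    """Whole exchange from the client's side; returns the server's verdict."""
    now, pwkey = (time.time() if now is None else now), derive_key(password)
    login = encrypt(pwkey, {"user": username, "time": now})
    session = bytes.fromhex(decrypt(pwkey, kdc_login(username, login, now))["session"])
    reply = decrypt(session, tgs_request(username, encrypt(session, {"service": service, "addr": client_ip})))
    return server_accept(reply["server"], reply["ticket"], client_ip, username)
```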