Week 6-7 - State University of Zanzibar
Week 6-7
Network & Infrastructure Security
OSI Model, Network Protocol
• OSI Model
• The Open System Interconnection (OSI) model
defines a networking framework to implement
protocols in seven layers.
OSI Model
Physical (Layer 1)
• This layer conveys the bit stream - electrical
impulse, light or radio signal -- through the
network at the electrical and mechanical level.
• It provides the hardware means of sending
and receiving data on a carrier, including
defining cables, cards and physical aspects.
• Fast Ethernet, RS232, and ATM are protocols
with physical layer components.
Data Link (Layer 2)
• At this layer, data packets are encoded and decoded
into bits.
• It furnishes transmission protocol knowledge and
management and handles errors in the physical layer,
flow control and frame synchronization.
• The data link layer is divided into two sub layers: The
Media Access Control (MAC) layer and the Logical Link
Control (LLC) layer.
• The MAC sub layer controls how a computer on the
network gains access to the data and permission to
transmit it.
• The LLC layer controls frame synchronization, flow
control and error checking.
Network (Layer 3)
• This layer provides switching and routing
technologies, creating logical paths, known as
virtual circuits, for transmitting data from
node to node.
• Routing and forwarding are functions of this
layer, as well as addressing, internetworking,
error handling, congestion control and packet
sequencing.
Transport (Layer 4)
• This layer provides transparent transfer of data
between end systems, or hosts, and is
responsible for end-to-end error recovery and
flow control.
• It ensures complete data transfer.
Session (Layer 5)
• This layer establishes, manages and
terminates connections between applications.
• The session layer sets up, coordinates, and
terminates conversations, exchanges, and
dialogues between the applications at each
end.
• It deals with session and connection
coordination.
Presentation (Layer 6)
• This layer provides independence from
differences in data representation (e.g.,
encryption) by translating from application to
network format, and vice versa.
• The presentation layer works to transform data
into the form that the application layer can
accept.
• This layer formats and encrypts data to be sent
across a network, providing freedom from
compatibility problems.
• It is sometimes called the syntax layer.
Application (Layer 7)
• This layer supports application and end-user processes.
• Communication partners are identified, quality of
service is identified, user authentication and privacy
are considered, and any constraints on data syntax are
identified.
• Everything at this layer is application-specific. This layer
provides application services for file transfers, e-mail,
and other network software services.
• Telnet and FTP are applications that exist entirely in the
application level.
• Tiered application architectures are part of this layer.
OSI Model Security Issues
• The Physical Layer:
• Exploiting the Physical Layer could suggest some type
of physical action, like disrupting a power source,
changing of interface pins, or the cutting of cables.
• Simply tampering with someone’s fuse box outside
their office can cause a disruption of service.
• Faulty power is a problem that can be caused
accidentally by the power company, or intentionally by
your competitor tampering with the fuse box.
• By installing an Uninterrupted Power Supply (UPS) to
your system you can avoid many unrecoverable power
associated problems.
cont
• Add a UPS to your critical system and when
power is interrupted your UPS will give you
time to perform an orderly shutdown.
• This is important because abrupt termination
of power to any electrical equipment has
potential for damage.
• With regards to your competitor tampering
with your fuse box, a lock may deter them.
cont
• A less obvious physical component of
networking is Wireless Ethernet.
• If binary is transmitted over a 2.4GHz band,
and a leaky microwave oven is also sending
2.4GHz patterns, it is not hard to guess that
there is a chance of signal disruption.
• Any old leaky ovens can cause real wireless
problems, and in the worst case scenario – a
Denial of Service (DoS).
cont
• The Data Link Layer:
• The vulnerabilities with the design of the Data
Link Layer exist because the layer was designed to
be functional and practical.
• One can imagine the last thing in the minds of the
designers was that someone would one day
exploit this technology.
• In today’s security climate it would make sense
to have exploits as a consideration, but in the
early 80s it was not as big a problem.
cont
• Network Interface Cards (NIC) exist to give
computers the ability to talk to each other.
• To do this they need to be able to find each other.
• In order to do this they are assigned a single
unique address – known as a MAC Address.
• Media Access Control (MAC) Addresses are used
by ARP.
• ARP is a protocol that allows a source computer
to ask other computers if they know the MAC
address of the machine it wants to speak with.
cont
• The IP-to-MAC addressing relies on
receiving valid MAC information.
• MAC addressing information resides on OSI
model Layer 2.
• By altering this MAC information you are
effectively exploiting the Data Link Layer.
• This is known as ARP Cache Poisoning.
cont
• Protecting against ARP Cache Poisoning begins with
physical security.
• The attacker normally needs to be on the same
physical network for ARP poisoning to be activated in
this sense.
• The first step to proper physical security is to make
sure your staff knows who is sitting next to them, and
give them the authority and responsibility of
challenging strangers.
• Organizations can enforce this type of policy and advise
their staff to simply approach unknown people in the
office with “Hello can I help you?”
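As an added illustration of the ARP cache poisoning discussed above (example code written for this page, not part of the original lecture), the following monitor flags the two symptoms a defender can watch for on the wire: an IP whose advertised MAC changes, and one MAC answering for several IPs. The ARP replies and the trusted gateway binding are constructed sample data.

```python
# Added example: a small ARP monitor that flags the symptoms of cache
# poisoning. The replies and the trusted gateway binding are constructed
# sample data, not from the lecture; a real monitor would feed parsed
# ARP frames into the same function.
from collections import defaultdict

# Constructed ARP replies as (sender_ip, sender_mac), in arrival order.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate
    ("192.168.1.10", "00:11:22:33:44:10"),  # workstation, legitimate
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway again, consistent
    ("192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by another MAC
    ("192.168.1.10", "de:ad:be:ef:00:99"),  # same MAC also claims the workstation
]

def detect_arp_poisoning(replies, trusted=None):
    """Return a list of alert strings for two poisoning symptoms:
      1. an IP whose advertised MAC changes (a rewritten IP-to-MAC mapping),
      2. one MAC answering for more than one IP (a host answering for others).
    `trusted` is an optional {ip: mac} of static known-good bindings such as
    the gateway; any reply contradicting it is flagged immediately."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append(f"trusted binding violated: {ip} claimed by {mac}")
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append(f"mapping changed: {ip} {ip_to_mac[ip]} -> {mac}")
        ip_to_mac[ip] = mac
        known = mac_to_ips[mac]
        if known and ip not in known:
            alerts.append(f"{mac} now answers for {sorted(known | {ip})}")
        known.add(ip)
    return alerts

if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:01"}
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, trusted=gateway):
        print(alert)
```

Static bindings for the gateway are the cheapest place to start; the mapping-change rule alone also catches the sample here, but only after the poisoned reply has already been accepted.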
cont
• The Network Layer:
• The most important part of understanding
Layer 3 – Network Layer principles is knowing
that routers make decisions based on Layer 3
information.
• Routers understand the Internet Protocol (IP)
and base routing decisions on that
information.
cont
• If an attacker wants to cause problems when
they are physically located within the network
then they can ARP cache poison, but what if
they are outside of the network?
• They can use routers.
• Routers running older software versions can
be relatively easy to attack.
cont
• The Transport Layer:
• One way the Transport Layer ensures that
there is reliability and error checking is
through the Transport Control Protocol (TCP).
• Another protocol used at Layer 4 is UDP (User
Datagram Protocol).
• Highly reliable host-to-host communications
would be file transfers, where loss of data
would be unacceptable.
cont
• An attacker will gather information about a
system using TCP and UDP.
• Port scanning is often an attacker’s first probe of
your network.
• Lawrence Teo writes: “Another sneakier,
‘stealthier’ kind of port scan is called the ‘half-open’ SYN scan.
• In this scan, the port scanner connects to the port
but shuts down the connection right before a full
connection occurs (hence the name ‘half-open’).”
cont
• The port scanner that many attackers use by
choice is NMAP.
• Considering that only an Internet connection is
needed to begin malicious activities, it should be
noted that NMAP can be obtained for free at
http://www.insecure.org/
• Another way to reduce the risk is to implement a
Firewall.
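To make the half-open scan concrete from the defender’s side, here is an added detection example (not from the lecture) that reads simplified packet records and flags a source that sends SYNs to many ports on one host without ever completing the handshake. The packet records, hosts and thresholds are constructed assumptions.

```python
# Added example: flag a half-open (SYN) scan in simplified packet records of
# the form (time, src_ip, dst_ip, service_port, tcp_flags). The records,
# hosts and thresholds below are constructed assumptions, not lecture data.
from collections import defaultdict

# Flags: S = SYN from client, SA = SYN/ACK from server, A = ACK, R = RST.
# service_port is always the server-side port of the connection.
SAMPLE_PACKETS = [
    # a normal client completing the three-way handshake to port 80
    (0.0, "10.0.0.5", "10.0.0.20", 80, "S"),
    (0.1, "10.0.0.20", "10.0.0.5", 80, "SA"),
    (0.2, "10.0.0.5", "10.0.0.20", 80, "A"),
]
# a scanner: SYN, receives SYN/ACK, answers RST instead of ACK, many ports
for i, port in enumerate((21, 22, 23, 25, 80, 110, 143, 443)):
    t = 1.0 + i * 0.01
    SAMPLE_PACKETS += [
        (t, "10.0.0.99", "10.0.0.20", port, "S"),
        (t + 0.001, "10.0.0.20", "10.0.0.99", port, "SA"),
        (t + 0.002, "10.0.0.99", "10.0.0.20", port, "R"),
    ]

def detect_syn_scans(packets, threshold=5, window=2.0):
    """Return {src_ip: probed_ports} for sources that sent SYNs to at least
    `threshold` distinct ports on one host within `window` seconds and never
    completed those handshakes with an ACK (the half-open pattern)."""
    syn_time = {}      # (src, dst, port) -> time of the client's first SYN
    completed = set()  # (src, dst, port) handshakes finished by a client ACK
    for t, src, dst, port, flags in sorted(packets):
        key = (src, dst, port)
        if flags == "S":
            syn_time.setdefault(key, t)
        elif flags == "A":
            completed.add(key)
    half_open = defaultdict(list)  # (src, dst) -> [(syn_time, port), ...]
    for key, t in syn_time.items():
        if key not in completed:
            half_open[key[:2]].append((t, key[2]))
    scanners = {}
    for (src, dst), probes in half_open.items():
        probes.sort()
        for i, (t0, _) in enumerate(probes):
            in_window = {p for t, p in probes[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                scanners[src] = sorted(p for _, p in probes)
                break
    return scanners
```

A firewall that drops unsolicited SYNs removes the SYN/ACK the scanner relies on, which is why the slide’s advice to deploy one reduces what a port scan can learn.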
cont
• The Session Layer:
• TCP session hijacking is when a hacker takes
over a TCP session between two machines.
• Since most authentication only occurs at the
start of a TCP session, this allows the hacker to
gain access to a machine.
cont
• In the Session Layer a very important
component exists in an attempt to prevent
unwanted connections and that is
authentication.
• Basic authentication is instigated at the
beginning of the TCP session.
• If the session is hijacked after that
authentication then the destination will ‘trust’
the hijacked session.
cont
• Presentation Layer:
• A presentation layer program formats a file
transfer request in binary code to ensure a
successful file transfer.
• Another type of code that is offered by the
Presentation Layer is Unicode.
• If the "/" character is encoded in Unicode as
"%c0%af", the URL will pass the security check, as
it does not contain any "../" patterns. Instead the
security check only sees "..%c0%af", which it
does not recognize as a malicious pattern.
cont
• This flaw allows savvy users to enter your web
server and, using Unicode, access directories that
they would otherwise be restricted from.
• The reason is that IIS interprets both plain and
Unicode commands, however, only the plain
commands are compared with the denial list.
• Protecting against Unicode vulnerabilities can be
as simple as applying the recommended patches
from the vendor.
• This further illustrates that IT security is not a fix,
but an ongoing dedication.
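Added example (not from the lecture) showing the flaw just described: a deny-list check on the raw URL misses "..%c0%af", while a server that decodes leniently turns it back into "../". The hardened version percent-decodes, decodes UTF-8 strictly so overlong forms are rejected, and confirms the normalised path stays under the web root; the web root and sample paths are assumptions.

```python
# Added example: the raw-URL deny-list check beside a hardened check.
# The lenient decoder mimics a server that accepts overlong UTF-8 (the
# behaviour the lecture describes for IIS); it is illustrative only.
# The web root and sample paths are assumptions, not from the lecture.
import posixpath
from urllib.parse import unquote_to_bytes

def lenient_utf8(data: bytes) -> str:
    """Decode bytes as UTF-8 while also accepting overlong 2-byte forms
    such as C0 AF (-> "/"), which a strict decoder rejects."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))  # ASCII and anything else passed through as-is
            i += 1
    return "".join(out)

def server_sees(url_path: str) -> str:
    """What a lenient server actually opens after percent- and UTF-8-decoding."""
    return lenient_utf8(unquote_to_bytes(url_path))

def naive_check_passes(url_path: str) -> bool:
    """The flawed check: compares the raw, undecoded path with the deny list."""
    return "../" not in url_path

def hardened_check_passes(url_path: str, web_root: str = "/var/www") -> bool:
    """Percent-decode, decode UTF-8 strictly (overlong forms raise), then
    normalise and require the result to stay inside web_root."""
    try:
        decoded = unquote_to_bytes(url_path).decode("utf-8")
    except UnicodeDecodeError:
        return False
    full = posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))
    return full == web_root or full.startswith(web_root + "/")
```

The general rule the hardened check applies is to canonicalise first and compare last: a deny list consulted before decoding is only as good as the encodings it anticipates.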
cont
• The Application Layer:
• The interesting component here is that there is
user and application interaction.
• The most common use of IT resources would
have to be e-mail.
• Considering that formatting electronic mail
messages is part of Layer 7 it would make sense
then that malicious use of this technology would
be considered a Layer 7 threat or vulnerability.
• The greatest threat to have wide circulation must
be the e-mail Trojan (short for Trojan Horse).
cont
• “Trojan horse is a destructive program that
masquerades as a benign application.
• Unlike a viruses [sic], Trojan horses do not
replicate themselves but they can be just as
destructive.
• One of the most insidious types of Trojan
horse is a program that claims to rid your
computer of viruses but instead introduces
viruses onto your computer.”
cont
• Protecting your assets from Trojans and viruses is
serious business.
• There are various vendors you can obtain antivirus
(read anti-Trojan also) software from.
• Your needs and budget will dictate who you rely
on.
• Keeping your license (if any) updated and
listening to industry watch-keepers will allow
you to be confident in your anti-virus software.
• The important thing to remember is that Trojans,
and Viruses for that matter, are created daily.
Network Protocols
• Definition: A network protocol defines rules
and conventions for communication between
network devices.
• Protocols for computer networking all
generally use packet switching techniques to
send and receive messages in the form of
packets.
cont
• Network protocols include mechanisms for devices to
identify and make connections with each other, as well
as formatting rules that specify how data is packaged
into messages sent and received.
• Some protocols also support message
acknowledgement and data compression designed for
reliable and/or high-performance network
communication.
• Hundreds of different computer network protocols
have been developed each designed for specific
purposes and environments.
Internet Protocols
• The Internet Protocol family contains a set of related
(and among the most widely used) network protocols.
• Beside Internet Protocol (IP) itself, higher-level
protocols like TCP, UDP, HTTP, and FTP all integrate with
IP to provide additional capabilities.
• Similarly, lower-level Internet Protocols like ARP and
ICMP also co-exist with IP.
• In general, higher level protocols in the IP family
interact more closely with applications like Web
browsers while lower-level protocols interact with
network adapters and other computer hardware.
Routing Protocols
• Routing protocols are special-purpose
protocols designed specifically for use by
network routers on the Internet.
• Common routing protocols include EIGRP,
OSPF and BGP.
How Network Protocols Are Implemented
• Modern operating systems like Microsoft
Windows contain built-in services or daemons
that implement support for some network
protocols.
• Applications like Web browsers contain
software libraries that support the high level
protocols necessary for that application to
function.
cont
• For some lower level TCP/IP and routing
protocols, support is implemented directly in
hardware (silicon chipsets) for improved
performance.
• A group of network protocols that work together
at higher and lower levels are often called a
protocol family.
• Students of networking traditionally learn about
the OSI model that conceptually organizes
network protocol families into specific layers for
teaching purposes.
Problems with Network Protocols
• TCP/IP
– No SRC authentication: can’t tell where packet is
from
– Packet sniffing
– Connection spoofing, sequence numbers
• BGP: advertise bad routes or close good ones
• DNS: cache poisoning, rebinding
– Web security mechanisms rely on DNS