Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Computer security wikipedia , lookup
Wireless security wikipedia , lookup
Distributed firewall wikipedia , lookup
Mobile security wikipedia , lookup
Network tap wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Week 6-7 Network & Infrastructure Security OSI Model, Network Protocol • OSI Model • The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. • OSI Model Physical (Layer 1) • This layer conveys the bit stream - electrical impulse, light or radio signal -- through the network at the electrical and mechanical level. • It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. • Fast Ethernet, RS232, and ATM are protocols with physical layer components. Data Link (Layer 2) • At this layer, data packets are encoded and decoded into bits. • It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. • The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. • The MAC sub layer controls how a computer on the network gains access to the data and permission to transmit it. • The LLC layer controls frame synchronization, flow control and error checking. Network (Layer 3) • This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. • Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing. Transport (Layer 4) • his layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. • It ensures complete data transfer. Session (Layer 5) • This layer establishes, manages and terminates connections between applications. • The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. • It deals with session and connection coordination. Presentation (Layer 6) • This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. • The presentation layer works to transform data into the form that the application layer can accept. • This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. • It is sometimes called the syntax layer. Application (Layer 7) • This layer supports application and end-user processes. • Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. • Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. • Telnet and FTP are applications that exist entirely in the application level. • Tiered application architectures are part of this layer. OSI Model Security Issues • The Physical Layer: • Exploiting the Physical Layer could sugg est so me type of physical action, like disrupting a power source, changing of interface pins, or the cutting of cables. • Simply tampering with someone’s fuse box outside their office can cause a disrupt ion of service. • Faulty power is a problem that can be caused accidentally by the power company, or intentionally by your competitor tampering with the fuse box. • By installing an Uninterrupted Power Supply (UPS) to your system you can avoid many unrecoverable power associated problems. cont • Add an UPS to your critical system and when power is interrupted your UPS will give you time to perform an orderly shutdown. • This is important because abrupt termination of power to any electrical equipment has potential for damage. • With regards to your competitor tampering with your fuse box, a lock may deter them. cont • A less obvious physical component of networking is Wireless Ethernet. • If binary is transmitted over a 2.4GHz band, and a leaky microwave oven is also sending 2.4GHz patterns, it is not hard to guess that there is a chance of signal disruption. • Any old leaky ovens can cause real wireless problems, and in the worst case scenario – a Denial of Service (DoS). cont • The Data Link Layer: • The vulnerabilities with the design of the Data Link Layer exist because the layer was designed to be functional and practical. • One can imagine the last thing in the minds of the designers was that someone would one day exploit this technology. • In to day’s security climate it would make sense to have exploits as a consideration, but in the early 80’s it was not as big a problem. cont • Network Interface Cards (NIC) exist to give computers the ability to talk to each other. • To do this they need to be able to find each other. • In order to do this they are assigned a single unique address – known as a MAC Address. • Media Access Control (MAC) Addresses are used by ARP. • ARP is a protocol that allows a source computer to ask other computer s if they know the MAC address of the machine it wants to speak with. cont • The IP – to - MAC addressing relies on receiving valid MAC information. • MAC addressing in formation resides on OSI model Layer 2. • By altering this MAC information you are effectively exploiting the Data Link Layer. • This is known as ARP Cache Poisoning. cont • Protecting against ARP Cache Poisoning begins with physical security. • The attacker normally needs to be on the same physical network for ARP poisoning to be activated in this sense. • The first step to proper physical security is to make sure your staff knows who is sitting next to them, and give them the authority and responsibility of challenging strangers. • Organizations can enforce this type of policy and advise their staff to simply approach unknown people in the office with “Hello can I help you?” cont • The Network Layer: • The most important part of understanding Layer 3 – Network Layer principles is knowing that routers make decisions based on Layer 3 information. • Routers understand the Internet Protocol (IP) and base routing decisions on that information. cont • If an attacker wants to cause problems when they are physically located within the network then they can ARP cache poison, but what if they are outside of the network? • They can use routers. • Routers running older software versions can be relatively easy to attack. cont • The Transport Layer: • One way the Transport Layer ensures that there is reliability and error checking is through the Transport Control Protocol (TCP). • Another protocol used at Layer 4 is UDP (User Datagram Protocol). • Highly reliable host-to-host communications would be file transfers, where loss of data would be unacceptable. cont • An attacker will gather information about a system using TCP and UDP. • Port scanning is often an attacker’s first probe of your network. • Lawrence Teo writes “Another sneakier, ‘stealthier’ kind of port scan is called the ‘halfopen’ SYN scan. • In this scan, the port scanner connects to the port but shuts down the connection right before a full connection occurs (hence the name ‘half-open’). cont • The port scanner that many attackers use by choice is NMAP. • Considering only an Internet connection is needed to begin malicious activities it should be noted that • NMAP can be obtained for free at • http://www.insecure.org/ • Another way to reduce the risk is to implement a Firewall. cont • The Session Layer: • TCP session hijacking is when a hacker takes over a TCP session between two machines. • Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine. cont • In the Session Layer a very important component exists in an attempt to prevent unwanted connections and that is authentication. • Basic authentication is instigated at the beginning of the TCP session. • If the session is hijacked after that authentication then the destination will ‘trust’ the hijacked session. cont • Presentation Layer: • A presentation layer program formats a file transfer request in binary code to ensure a successful file transfer. • Another type of code that is offered by the Presentation Layer is Unicode. • If the "/" character is encoded in Unicode as "%c0%af", the URL will pass the security check, as it does not contain an y "../" patterns. Instead the security check only sees "..%c0%af", which it does not recognize as a malicious pattern. cont • This flaw allows savvy users to enter your web server and using Unicode access directories that they would otherwise be restricted from. • The reason is that IIS interprets both plain and Unicode commands, however, only the plain commands are compared with the denial list. • Protecting against Unicode vulnerabilities can be as simple as applying the recommended patches from the vendor. • This further illustrates that IT security is not a fix, but an ongoing dedication. cont • The Application Layer: • The interesting component here is that there is user and application interaction. • The most common use of IT resources would have to be e-mail. • Considering that formatting electronic mail messages is part of Layer 7 it would make sense then that malicious use of this technology would be considered a Layer 7 threat or vulnerability. • The greatest threat to have wide circulation must be the e-mail Trojan (short for Trojan Horse). cont • “Trojan horse is a destructive program that masquerades as a benign application. • Unlike a viruses [sic], Trojan horses do not replicate themselves but they can be just as destructive. • One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.” cont • Protecting your assets from Trojans and viruses is serious business. • There are various vendors you can obtain antivirus (read anti-Trojan also) software from. • Your needs and budget will dictate who you rely on. • Keeping your license (if any) updated and listening to industry watch - keepers will allow you to be confident in your anti-virus software. • The important thing to remember is that Trojans, and Viruses for that matter, are created daily. Network Protocols • Definition: A network protocol defines rules and conventions for communication between network devices. • Protocols for computer networking all generally use packet switching techniques to send and receive messages in the form of packets. cont • Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. • Some protocols also support message acknowledgement and data compression designed for reliable and/or high-performance network communication. • Hundreds of different computer network protocols have been developed each designed for specific purposes and environments. Internet Protocols • The Internet Protocol family contains a set of related (and among the most widely used network protocols. • Beside Internet Protocol (IP) itself, higher-level protocols like TCP, UDP, HTTP, and FTP all integrate with IP to provide additional capabilities. • Similarly, lower-level Internet Protocols like ARP and ICMP also co-exist with IP. • In general, higher level protocols in the IP family interact more closely with applications like Web browsers while lower-level protocols interact with network adapters and other computer hardware Routing Protocols • Routing protocols are special-purpose protocols designed specifically for use by network routers on the Internet. • Common routing protocols include EIGRP, OSPF and BGP. How Network Protocols Are Implemented • Modern operating systems like Microsoft Windows contain built-in services or daemons that implement support for some network protocols. • Applications like Web browsers contain software libraries that support the high level protocols necessary for that application to function. cont • For some lower level TCP/IP and routing protocols, support is implemented in directly hardware (silicon chipsets) for improved performance. • A group of network protocols that work together at higher and lower levels are often called a protocol family. • Students of networking traditionally learn about the OSI model that conceptually organizes network protocol families into specific layers for teaching purposes. Problems with Network Protocols • TCP/IP – No SRC authentication: can’t tell where packet is from – Packet sniffing – Connection spoofing, sequence numbers • BGP: advertise bad routes or close good ones • DNS: cache poisoning, rebinding – Web security mechanisms rely on DNS