Download EE579T-Class 1C

EE579T / CS525T
Network Security
1: Course Overview and Computer Security
Review
Prof. Richard A. Stanley
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #1
Overview of Tonight’s Class
• Administration
• Is network security a problem, or just an
interesting topic?
• What is different between computer security
and network security?
• Review of computer security
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #2
Administration
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #3
Organizational Details
• Prof. Stanley contact information
– Office: A-K 316
– Hours: Mon/Tue 5:00-6:00 PM and by
appointment
– Phone: (508) 276-1060 / (508) 831-5352
– Email: [email protected]
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #4
Administrivia
• Class will normally meet 6:00 - 8:50 PM
every Tuesday here. Please be on time.
• Break from approx. 7:15 to 7:30 PM
• If class is cancelled for bad weather, you
should receive notice. Double-check with
ECE Dept. (5231) or with me if in doubt.
• It may be necessary to cancel a class during
the term. If so, you will be notified.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #5
Course Text
• Network Security Essentials, 2nd Edition
William Stallings, Prentice Hall, 1999
ISBN 0-13-016093-8
• Additional material will be in the form of
handouts and pointers to research
materials
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #6
Course Web Page
• http://www.ece.wpi.edu/courses/ee579t/
• Slides will be posted to the page before
class, barring any unfortunate problems
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #7
Grading
•
•
•
•
•
Mid-term exam (20%)
Homework (10%)
Class participation (10%)
Final exam (30%)
Course project (30%)
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #8
Course Projects Overview
• Teams of 2-4 individuals, ~4 preferred
• Identify, through research, a meaningful network
security problem (reported on as a historical event
or one you can hypothesize)
• Analyze the problem
– Why did it occur?
– How could you have prevented or mitigated it?
• Prepare report and present to the class
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #9
Policies - 1
• STUDENT CONDUCT: Students are required to
adhere to the Student Conduct Policy.
• There is a difference between working in teams
and submitting the same work. If work is a team
product, it must be clearly labeled as such.
Plagiarism will not be tolerated.
• “Incomplete” grades will not be given unless there
is a true emergency, and only by prearrangement
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #10
Policies - 2
• Homework is due at the class following the one in
which it is assigned. It will be accepted up to the
second class after that in which it is assigned, but
not after that, except in truly emergency situations.
By definition, emergencies do not occur regularly.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #11
Getting to Know You
• Your interests and expertise in this area
• My interest and experience in this area
• What you would like from the course
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #12
Is Network Security Really an
Important Problem?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #13
Network Security: What’s the
Big Deal?
•
•
•
•
Not a new problem
Not just a creation of the press
Not just for rocket scientists
As professionals, failure to understand and
implement appropriate security can come
back to haunt you in terms of liability and
reputation
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #14
Points to Ponder
• 80% of businesses surveyed reported insider
attacks against their networks in 2003
• Reported financial losses totaled $201.8M -- this
represents only the 251 companies willing to share
this information! Decrease from 2002.
• Theft of proprietary information and denial of
service attacks top the list of losses
• Majority of attacks now from outside, but
disgruntled employees blamed for 77%.
Source: "Issues and Trends: 2003 CSI/FBI Computer Crime and Security Survey"
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #15
What’s the Problem?
• Financial liability
– Due diligence
– Simple negligence
– Gross negligence
• Goodwill
• One bad press release cancels 1000 attaboys
This is a “you bet your business” issue
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #16
Computer Security
versus
Network Security
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #17
Computer security involves
preventing, detecting, and responding
to unauthorized actions on a
computer system.
Network security means the same
thing for a group of networked
computers
To understand network security, you must first understand
computer security. There is no “easy” way around this.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #18
One View
Network
Security
Computer
Security
Spring 2005
© 2000-2005, Richard A. Stanley
WWW
Security
WPI
EE579T/1 #19
Why Networks Matter
• If computers cannot be secured individually,
the network cannot be secure
• Networking makes the most individually
secure computer on the network only as
secure as the least individually secure
computer on the network.
• Networking offers new vulnerabilities
• Speed of mischief increases exponentially
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #20
And Most Especially...
• Mobile code is a basic staple of the internet,
and other networks as well
– This a wholly new paradigm
• Users are not usually aware of mobile code
• Novelty and convenience trump security
every time
– Consider the dancing pigs
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #21
Analogy
• One can easily define the security perimeter
of a single computer. You can probably
even literally “put your arms around it.”
• One cannot easily define the perimeter of a
group of networked computers, except
under a set of trivial conditions that are
meaningless in practice.
• So, where to put the security? And HOW to
make it happen?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #22
Role of Technology
• Technology is a useful tool, not a panacea.
• A clear policy, evenly enforced, is the most
critical element of success.
• Don’t ignore the fundamentals.
– Caterpillar’s entire network was compromised
by not revoking a former employee’s password.
• Perfection does not exist in the real world
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #23
Why Isn’t This Topic More
Theoretical?
In theory, there is no difference
between theory and practice.
In practice, there is.
Yogi Berra
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #24
Remember the
Security Theorem
• Proving a computer to be secure required:
– Knowledge of the security of each state
transition
– An exhaustive catalog of all possible states
– Knowledge of the initial conditions
• Now, how do we apply this approach to a
network with changing topology?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #25
Why Is A Proof Elusive?
• A secure network must be secure under all
conditions of operation
• This demands proof that there is no
condition under which it could operate that
is insecure, i.e. the negative proposition.
• However, formal logic teaches us it is
impossible to prove a negative
• Q.E.D.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #26
Networks
• A network is an interconnected group of
communicating devices.
• Two primary network types
– Circuit-switched (connection oriented)
– Packet-switched (connectionless)
• Span
– WAN, MAN, LAN
– So what?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #27
Data Networks
• Almost exclusively packet switched
– Higher efficiency than circuit-switched
– Computationally intensive to provide
– Packet loss rate is often very high
• Largely due to collisions rather than circuit faults
– Require extensive protocols to operate
• X.25
• IP
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #28
Network Topology
• The topology of a network is a view of its
interconnections, as they would be seen by an
observer looking down from great height
• Topology is important because it has implications
for security
• Three major topologies:
– star
– buss
– ring
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #29
Star Topology
The orange lines depict one
star -- this slide actually shows
a star-star architecture.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #30
Buss Topology
Buss
In a buss topology, all signals pass by all terminals
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #31
Ring Topology
A ring is simply a buss with
the ends connected to one another.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #32
How To Get There?
• Every destination on the network must have
an address, just as every postal destination
must have an address
– Addresses must be unique
– Network must know how to recognize address
– Various addressing schema, e.g.
• Ethernet
• IP
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #33
Two Network Technologies
• Token ring
– Users remain silent until they receive token
– Pioneered by IBM, not widely used
• Ethernet
–
–
–
–
Carrier-sense, multiple access/collision detect
Binary exponential backoff on collision sense
This is a radio network!  Another vulnerability
Most widely used architecture today, largely because it
is less expensive than token ring
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #34
Other Network Technologies
• Fiber-Distributed Data Interconnect (FDDI)
– Self-healing, 100 Mbps dual ring
• Frame relay
– Packet data service, built on X.25
• Synchronous Optical Network (SONET)
• Asynchronous Transfer Mode (ATM)
– Can operate at gigabit speeds
• 53 byte packets; 5 of the bytes are overhead
These are of interest in networking, but not security per se;
they will not be discussed further in this course
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #35
Topology Misconceptions
• The physical interconnection of network
elements does not necessarily reflect the
logical network topology
– Ethernet is logically a buss architecture
– Ethernet, connected using hubs, uses a physical
star interconnection
– Ethernet, connected using coaxial cable, uses a
physical buss interconnection
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #36
Some Network Security Issues
• Users not necessarily registered at the node they
are accessing
– How to authenticate users?
– What is basis for access control decisions?
• Some options:
–
–
–
–
User ID
User address
Service being invoked
Cryptographic-based solutions
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #37
Ethernet Misconceptions
• IEEE 802.3 = Ethernet
– Nope! Pure Ethernet is 802.2
• All Ethernets are created equal
– Vendor implementation issues
• The faster the network speed, the faster I
can work
– Signaling speed  data throughput
• Ethernet maps to the internet
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #38
CSMA/CD Throughput
Signaling speed
~40%
Throughput
Users
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #39
Ethernet Addresses
• 48 bits long
• Address space managed by the IEEE
• Usually fixed in hardware at time of
manufacture, but increasingly in EEPROM
• Hardware must recognize at least it’s own
physical address and the network multicast
address, and possibly alternate addresses
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #40
Ethernet Frame
NOTE: The proper term in this context for groups of 8 bits is an octet, not a byte.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #41
Network Size
• Networks cannot grow to be arbitrarily large
–
–
–
–
Address space
Physical interconnection limitations
Increasing collisions as users increase
Protocol/OS/machine incompatibilities
• So, how to extend the ability to interconnect
an arbitrarily large number of computers?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #42
The ARPANET
• Father of the Internet; first elements in 1969
• Began as an attempt to conduct and share research
to ensure continuity of communications after
nuclear war, so
– Connectionless
– Assured delivery
– Self-reconfiguring (sort of)
• Demonstrated feasibility of internetworking
disparate computer networks and machines
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #43
Internetworking
• Internetworking is the interconnection of
networks
• The Internet is an internetwork; all
internetworks are not the Internet
• Very few modern networks exist in
isolation; most are internetworked
• This has important security and legal
implications
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #44
Internetworking Concepts
• Networks are interconnected by routers or
gateways
– More about this later in the course
• Routers route a packet using the destination
network address, not the destination host
address
– Analogous to the world postal system and how
letters are routed
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #45
Internetwork Architecture
Net 1
Spring 2005
© 2000-2005, Richard A. Stanley
R
WPI
Net 2
EE579T/1 #46
Extended Internetworking
Net 1
Clearly, this can be
extended ad infinitum,
to form very large
internetworks.
Spring 2005
© 2000-2005, Richard A. Stanley
R
Net 2
R
Net 3
WPI
EE579T/1 #47
Some Terms
• TCP = transmission control protocol
• IP = internet protocol
• These protocols have become widely used
outside the formally-defined Internet
• They have some serious flaws, but they
work
– They were not planned to have/need security
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #48
IP Addressing
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #49
Class Discrimination
• Address space is 32 bits long (IPv4)
– Therefore, at most 232 possible addresses (or
4,294,967,296 in decimal notation)
• Easy to extract netid from address
• There is not a one-to-one correspondence
between IP addresses and physical devices
– Consider the router
• Address with hostid=0 refers to network
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #50
IP Addressing Weaknesses
• If a host moves to another network, its IP
address must change
• If a network grows beyond its class size (B
or C), it must get a new address of the next
larger size
• Because routing is by IP address, the path
taken by packets to a multiple-addressed
host depends on the address used
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #51
IP Address Presentation
• Usually done in dotted decimal, e.g.,
10000000 00001010 00000010 00011110
is usually written as
128.10.2.30
• What class of network address is this?
• As you see, each notation has its uses
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #52
Consider This Address
• 256.75.301.116
• What type of network is represented by this
address?
• Why?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #53
Address Limits
Class
A
B
C
D
E
Spring 2005
© 2000-2005, Richard A. Stanley
Lowest Address
0.1.0.0
128.0.0.0
192.0.1.0
224.0.0.0
240.0.0.0
WPI
Highest Address
126.0.0.0
191.255.0.0
223.255.255.0
239.255.255.255
247.255.255.255
EE579T/1 #54
Special Purpose Addresses
• 0.0.0.0
• 255.255.255.255
Addresses current host
Addresses hosts on
current network
• Host bits zero
Identifies a network
• Host bits one
Addresses hosts on
addressed network
• Network bits zero Addresses specific host
on current network
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #55
Reserved Addresses
• First Quad=127 is used for loopback
– Traffic doesn’t leave the computer
– Routed to the IP input queue
– Usually see 127.0.0.1
• Unregistered addresses
– Class A
– Class B
– Class C
Spring 2005
© 2000-2005, Richard A. Stanley
10.0.0.0 thru 10.255.255.255
172.16.0.0 thru 172.31.255.255
192.168.0.0 thru 198.168.255.255
WPI
EE579T/1 #56
The Future of IP
• IPv4 has shortcomings that are becoming
important for modern networking
• The IETF’s solution is a new version of IP,
Version 6, written as IPv6
–
–
–
–
Increased address space (128 vs. 32 bits)
Support for network autoconfiguration
Better support for routing
Better security support
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #57
IPv6 Issues
• It is not backwards compatible with IPv4
– Given the change in address space alone, how could it be?
– Requires translator to go v4v6, vice versa
• Huge investment in installed IPv4 mitigates against rapid
changeover
– But the Defense Department is going there now
• Network address translation (NAT) helps reduce need for
new address space
• Some services, like IPSec, now available for IPv4
• Bottom line: changeover not likely to be quick
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #58
Ports and Sockets
• Ports are associated with services, e.g.,
– Port 53 is usually the domain name service
(DNS)
– Port 80 is usually the hypertext transfer
protocol service
• A socket is the combination of an IP address
and a port, e.g. 192.168.2.45:80
• Sockets enable multiple simultaneous
services to run on a single address
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #59
Address Registration
• Internet Corporation for Assigned Names and
Numbers (ICANN) handles:
– IP address space allocation
– protocol parameter assignment
– domain name system management
– root server system management functions
• Only essential to register addresses that appear on
the global network, but registration is preferred
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #60
Routing
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #61
Protocols
• A protocol is simply an agreed-upon
exchange of information required to
perform a given task
– IP is a protocol
– So is TCP
• Networks utilize protocols to accomplish all
the important tasks they perform
• Layered protocols are common
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #62
ISO Protocol Model
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #63
Protocol Layering
• Refers to a protocol running on top of
another protocol
• Layered protocols are designed so that layer
n at the destination receives exactly the
same object sent by layer n at the source
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #64
TCP/IP Layering Model
Application
Application-specific
messages/streams
Transport
TCP Packets
Internet
IP Datagrams
Network Interface
Ethernet/Token Ring
Hardware
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #65
Some Common Protocols
• ARP maps IP addresses to physical addresses
• RARP determines IP address at startup
• IP provides for assured connectionless datagram
delivery
• ICMP handles error and control messages
• UDP defines user datagrams (no assurance of
delivery)
• IKE handles crypto key management functions
• TCP provides reliable stream transport
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #66
How Protocol Layering Works
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #67
Protocol Layering & Internet
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #68
Important Boundaries
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #69
TCP
• Assumes little about underlying network
• Reliable delivery characteristics:
–
–
–
–
–
Stream orientation
Virtual circuit connection
Buffered transfer
Unstructured stream
Full duplex connection
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #70
Positive Acknowledgement
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #71
Positive Acknowledgement
With Lost Packet
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #72
Sliding Window
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #73
Positive ACK With Sliding
Window
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #74
TCP
• A communications protocol, NOT a piece of
software
• Provides
–
–
–
–
Data format
Data acknowledgement for reliable transfer
How to distinguish multiple destinations
How to set up and break down a session
• Very complex
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #75
Conceptual TCP Layering
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #76
Internet Round Trip Delays
This data is old, but
still meaningful if you
ignore the absolute values
of the delays.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #77
Delays
• Cannot be avoided or predicted (except
statistically)
– Packet delivery times will vary
– Many packets will simply be lost
• So, as a network designer...
–
–
–
–
–
How long do you wait to assume nondelivery?
How do you slide the window?
How do you back off on collision detect?
How do you respond to congestion?
…etc.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #78
Establishing a TCP Session
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #79
Ending a TCP Session
This implies that a TCP session could be left “half open.” That is true.
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #80
TCP State Machine
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #81
Other Network Protocols
•
•
•
•
•
•
NetBIOS
NetBUI
IPX
X.25
ATM
Message: TCP/IP is not the only show in
town BUT...it is the most popular show in town
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #82
Network Facts
• Most computers today are connected to a
network (consider the Internet), at least for
part of the time they are in operation
• Most local networks are internetworked
• How to provide authenticity, integrity,
confidentiality, availability?
• Cryptography can help provide all the
security services except availability
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #83
Summary
• Networks and internetworking have become
ubiquitous
• Networking allows interconnection of computers
without much concern for the local OS or machine
architecture
• Networking raises many serious security issues,
which must be solved for networks to be useful in
modern business settings
• The pace of network security problem
development far exceeds the pace of their solution
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #84
Assignment for Next Class
• Read Stallings on authentication and PGP
• Review your prior class notes on cryptography
– We will not study cryptography in this course; you are assumed to
have a working knowledge of it, both symmetric and asymmetric
– Pay attention to refreshing your memory on digital signatures and
certificates
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #85
Homework - 1
1. What is the single greatest advantage of having
the IP checksum cover only the datagram header
and not the data? What is the disadvantage?
2. Exactly how many class A, B, and C networks
can exist? How many hosts can a network in each
class have?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #86
Homework - 2
3. How many IP addresses would be needed to
assign a unique network number to every home
(not person) in the U.S.A.? Is the address space
sufficient? If not, what can be done within the
existing IPv4 standard.
4. What is the chief difference between the IP
addressing scheme and the North American
Numbering Plan used for telephone numbers?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #87
Homework - 3
5. Complete routing tables for all routers shown on
slide 61.
6. Can you think of any security issues, hardware or
software, that arise from what you have studied so
far?
Spring 2005
© 2000-2005, Richard A. Stanley
WPI
EE579T/1 #88