Download Lecture19 - The University of Texas at Dallas

Telecommunications and
Network Security
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
July 2015
Domain Agenda
• Networks
• Network Security
• Physical
• Data Link
• Network
• Transport
• Session
• Presentation
• Application
• Telephony
• Services
OSI Model
• The Open Systems Interconnection model (OSI model) is a product
of the Open Systems Interconnection effort at the International
Organization for Standardization.
• It is a way of sub-dividing a communications system into smaller
parts called layers. A layer is a collection of conceptually similar
functions that provide services to the layer above it and receive
services from the layer below it.
• On each layer an instance provides services to the instances at the
layer above and requests service from the layer below.
OSI Reference Model
• Layer 7: Application
• Layer 6: Presentation
• Layer 5: Session
• Layer 4: Transport
• Layer 3: Network
• Layer 2: Data Link
• Layer 1: Physical
TCP/IP
• In the TCP/IP model of the Internet, protocols are not as rigidly designed into
strict layers as the OSI model.
• TCP/IP does recognize four broad layers of functionality which are derived from
the operating scope of their contained protocols, namely the scope of the
software application, the end-to-end transport connection, the internetworking
range, and lastly the scope of the direct links to other nodes on the local
network.
• The Internet Application Layer includes the OSI Application Layer, Presentation
Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the
graceful close function of the OSI Session Layer as well as the OSI Transport
Layer. The internetworking layer is a subset of the OSI Network Layer (see
above), while the Link Layer includes the OSI Data Link and Physical Layers, as
well as parts of OSI's Network Layer.
Network Security
• Issues and Concerns
– Non-repudiation
– Redundancy
• Risks
– Network is the key asset in many organizations
– Network Attacks
• Attacks
– Network as a channel for attacks
– Network as the target of attack
Network Security
• Defense in Depth
– Series of hurdles
– Collection of controls
• Security controls:
– Are built around social, organizational, procedural and technical activities
– Will be based on the organization’s security policy
• Security Objectives and Attacks
– Business risk vs. Security solutions
– Attack scenarios
– Network entry point
• Inbound vs. Outbound attacks
• Methodology of Attack
– Attack trees
– Path of least resistance
Target Related Issues
• Acquisition
– Attacks start by gathering intelligence
– Controls
• Limit information on a network; Distract an attacker
• Analysis
– Analyze target for security weaknesses
• Access
– Obtain access to the system
– Manage user privileges
– Monitor access
• Target Appropriation
– Escalation of privileges
– Attacker may seek sustained control of the system
– Controls against privilege escalation
Network Security Tools
• Tools automate the attack processes
• Network security is more than just technical implementations
• Scanners
– Discovery scanning
– Compliance scanning
– Vulnerability scanning
Layer 1: Physical Layer
• Bits are converted into signals
• All signal processing is handled here
• Physical topologies
Communication Technology
• Analog Communication
– Analog signals use frequency and amplitude
– Transmitted on wires or with wireless devices
• Digital communications
– Uses different electronic states
– Can be transmitted over most media
– Integrity of digital communication is easier
– Digital communication brings quantitative and qualitative enhancements
Network Topology
• Even small networks are complex
• Network topology and layout affect scalability and security
• Wireless networks also have a topology
• Ring Topology
– Closed-loop topology
– Advantages
• Deterministic
– Disadvantages
• Single point of failure
Network Topology
• Bus Topology
– LAN with a central cable to which all nodes connect
– Advantages
• Scalable; Permits node failure
– Disadvantages
• Bus failure
• Tree Topology
– Devices connect to a branch on the network
– Advantages
• Scalable; Permits node failure
– Disadvantages
• Failures split the network
Network Topology
• Mesh Topology
– Every node in the network is connected to every other node in the network
– Advantages
• Redundancy
– Disadvantages
• Expensive; Complex; Scalability
• Star Topology
– All of the nodes connect to a central device
– Advantages
• Permits node/cable failure; Scalable
– Disadvantages
• Single point of failure
Cable Selection Considerations
• Throughput
• Distance between devices
• Data sensitivity
• Environment
• Twisted Pair
– One of the simplest and cheapest cabling technologies
– Unshielded (UTP) or shielded (STP)
Unshielded Twisted Pair (UTP)
Category      Transmission Rate   Use
Category 1    < 1 Mbps            Analog voice and basic rate interface (BRI) in Integrated Services Digital Network (ISDN)
Category 2    < 4 Mbps            4 Mbps IBM Token Ring LAN
Category 3    16 Mbps             10 Base-T Ethernet
Category 4    20 Mbps             16 Mbps Token Ring
Category 5    100 Mbps            100 Base-TX and Asynchronous Transfer Mode (ATM)
Category 5e   1000 Mbps           1000 Base-T Ethernet
Category 6    1000 Mbps           1000 Base-T Ethernet
Coaxial Cable (Coax)
• Conducting wire is thicker than twisted pair
– Bandwidth
– Length
• Expensive and physically stiff
Fiber Optics
• Three components
– Light source
– Optical fiber cable
• Two types
– Light detector
• Advantages
• Disadvantages
Wireless Transmission Technologies
• 802.11 – WLAN
• 802.16 – WMAN, WiMAX
• Satellite
• Bluetooth
• IrDA
• Microwave
• Optical
Wireless Multiplexing Technologies
Technology                                            Principle                                          Objective
Direct Sequence Spread Spectrum (DSSS)                Spread transmission over a wider frequency band    Signal less susceptible to noise
Frequency-Hopping Spread Spectrum (FHSS)              Spread signal over rapidly changing frequencies    Interference
Orthogonal Frequency Division Multiplexing (OFDM)     Signal is subdivided into sub-frequency bands
Physical Layer: Equipment Agenda
• Patch panel
• Modem
• Cable modem
• Digital subscriber line
• Hub and repeater
• Wireless access points
Physical Layer: Equipment Agenda
• Patch Panels
– Provide a physical cross-connect point for devices
– Alternative to directly connecting devices
– Centralized management
• Modem
– Convert a digital signal to analog
– Provide little security
• War dialing
– Unauthorized modems
Physical Layer: Equipment Agenda
• Cable Modem
– PCF Ethernet NIC connects to a cable modem
– Modem and head-end exchange cryptographic keys
– Cable modems increase the need to observe good security practices
• Digital Subscriber Line
– Use CAT-3 cables and the local loop
• Asymmetric Digital Subscriber Line (ADSL)
• Rate-Adaptive DSL (RADSL)
• Symmetric Digital Subscriber Line (SDSL)
• Very high bit rate DSL (VDSL)
Physical Layer: Equipment Agenda
• Hubs
– Used to implement a physical star/logical bus topology
– All devices can read and potentially modify the traffic of other devices
• Repeaters
– Allow greater distances between devices
• Wireless Access Points (WAPS)
– Access Point (AP)
– Multiple Input Multiple Output (MIMO)
Standard Connections
• Types of connectors
– RJ-11
– RJ-45
– BNC
– RS-232
• Cabling standards
– TIA/EIA-568
Physical Layer Threats and Controls
• Attacking
– Wire
– Wireless
– Equipment: Modems
• Controls
– Wire
• Shielding
• Conduit
• Faraday cage
– Wireless
• Encryption
• Authentication
– Equipment
• Locked doors and cabinets
Layer 2: Data Link Layer
• Connects layers 1 and 3
• Converts data from a signal into a frame
• Transmits frames to devices
• Link-Layer encryption
• Determines network transmission format
Synchronous/Asynchronous
Communications
• Synchronous
– Timing mechanism synchronizes data transmission
– Robust error checking
– Practical for high-speed, high-volume data
• Asynchronous
– Clocking mechanism is not used
– Surrounds each byte with bits that mark the beginning and end of
transmission
Unicast, Multicast and Broadcast
Transmissions
• Multicasts
• Broadcasts
– Do not use reliable sessions
• Unicast
Unicast – Point-to-Point
• ISDN (Integrated Services Digital Network)
• T’s (T Carriers)
• E’s (E Carriers)
• OC’s (Optical Carriers)
Integrated Service Digital Network (ISDN)
B (Bearer) Channel                              64 kBit/s
D (Delta) Channel                               16 kBit/s
BRI (Basic Rate Interface)                      2*B + 1*D = 144 kBit/s
PRI (Primary Rate Interface), North America     23*B + 1*D = 1.55 MBit/s (T1)
PRI, Europe and Australia                       30*B + 1*D = 2 MBit/s (E1)
“T” Carrier
Channel   Multiplex Ratio     Bandwidth
T1        1xT1                1.544 Mbps
T2        4xT1                6.312 Mbps
T3        7xT2 = 28xT1        44.736 Mbps
T4        6xT3 = 168xT2       274.176 Mbps
“E” Carrier
Channel   Multiplex Ratio     Bandwidth
E1        1xE1                2.058 Mbps
E2        4xE1                8.848 Mbps
E3        4xE2 = 16xE1        34.304 Mbps
E4        4xE3 = 64xE2        139.264 Mbps
“OC” Optical Carrier STS
Optical Level   Bandwidth
OC1             51.84 Mbps
OC3             155.52 Mbps
OC12            622.08 Mbps
OC48            2488.32 Mbps
OC192           9953.28 Mbps
Circuit-switched vs.
Packet-switched Networks
• Circuit-switched
– Dedicated circuit between endpoints
– Endpoints have exclusive use of the circuits and its bandwidth
• Packet-switched
– Data is divided into packets and transmitted on a shared network
– Each packet can be independently routed on the network
• Switched vs. Permanent Virtual Circuits
– Permanent Virtual Circuits (PVC)
– Switched Virtual Circuits (SVC)
Carrier Sense Multiple Access
• Only one device may transmit at a time
• There are two variations
– Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
– Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Polling to Avoid Contention
• Slave device needs permission from a master device
• Used mostly in mainframe protocols
• Optional function of the IEEE 802.11 standard
Token Passing
• A token is a special frame that circulates through the ring
• Device must possess the token to transmit
• Token passing is used in Token Ring (IEEE 802.5) and FDDI
Bridges and Switches
• Bridges
– Layer 2 devices that filter traffic between segments based on MAC
addresses
– Can connect LANs with unlike media types
– Simple bridges do not reformat frames
• Switches
– Multi-port devices to connect LAN hosts
– Forward frames only to the specified MAC address
– Increasingly sophisticated
– Also forward broadcasts
Multiplexer/Demultiplexer
• Combining or splitting signals
• Technologies
– TDM – Time
– FDM – Frequency
– WDM – Wave
Wireless Local Area Networks
• Allow mobile users to remain connected
• Extend LANs beyond physical boundaries
Wireless Standards : IEEE 802
• 802.11b
• 802.11a
• 802.11g
• 802.11n / Multiple Input Multiple Output
• 802.11i / Security
• 802.16 / WiMAX
• 802.15 / Bluetooth
• 802.1X / Port security
Ethernet (IEEE 802.3)
• Most popular LAN architecture
• Supports bus, star, and point-to-point topologies
• Currently supports speeds up to 10000 Mbps
Protocols
• Address Resolution Protocols (ARP)
– ARP (RFC 826)
– RARP (RFC 903)
– ARP Cache Poisoning
• Point-to-Point Protocol (PPP)
– RFC 1331
• Encapsulation
• Link Control Protocol (LCP)
• Network Control Protocols
• Password Authentication Protocol (PAP)
– Identification and authentication of remote entity
– Uses a clear text, reusable (static) password
– Supported by most network devices
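ARP cache poisoning, listed above, works because hosts accept unsolicited ARP replies and overwrite their cache with whatever binding arrives last. The following is an added example, not part of the lecture, of a defender-side monitor that watches ARP replies for the two tell-tale signs: an IP-to-MAC binding that changes, and a single MAC that starts answering for several IPs (the pattern of a man-in-the-middle impersonating both the gateway and a victim). The capture is constructed; the 192.168.1.x addresses and MACs are made up for illustration, and the optional `trusted` argument is a hypothetical pin list of known-good bindings.

```python
from collections import defaultdict, namedtuple

# One observed ARP reply ("sender_ip is-at sender_mac") seen on the segment.
ArpReply = namedtuple("ArpReply", "ts sender_ip sender_mac")

# Constructed sample capture (not real traffic). The gateway 192.168.1.1 is
# legitimately at aa:..:01; from t=3.0 a second MAC starts answering for it
# and for the host 192.168.1.20.
SAMPLE_REPLIES = [
    ArpReply(1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(2.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(3.0, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # gateway IP claimed by a new MAC
    ArpReply(3.1, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # same MAC now also claims the host
]


def detect_arp_poisoning(replies, trusted=None):
    """Return one alert string per suspicious reply.

    Indicator 1: the MAC bound to an IP changes from what was seen (or pinned).
    Indicator 2: one MAC claims more than one IP on the segment.
    `trusted` is a hypothetical {ip: mac} pin list of known-good bindings.
    """
    bindings = dict(trusted or {})          # ip -> mac, as pinned or last seen
    ips_per_mac = defaultdict(set)          # mac -> set of IPs it has claimed
    alerts = []
    for r in replies:
        previous = bindings.get(r.sender_ip)
        if previous is not None and previous != r.sender_mac:
            alerts.append(f"t={r.ts}: {r.sender_ip} moved from {previous} to {r.sender_mac}")
        bindings[r.sender_ip] = r.sender_mac
        ips_per_mac[r.sender_mac].add(r.sender_ip)
        if len(ips_per_mac[r.sender_mac]) > 1:
            claimed = sorted(ips_per_mac[r.sender_mac])
            alerts.append(f"t={r.ts}: {r.sender_mac} now claims {claimed}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print(line)
```

On the sample capture the first three replies raise nothing; the reply at t=3.0 trips the binding-change check for the gateway, and the one at t=3.1 trips both checks for the host. Pinning the gateway binding through `trusted` catches a poisoned reply even when it is the first one observed.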
Challenge Handshake Authentication Protocol
• CHAP
– Periodically re-validates users
– Standard password database is unencrypted
– Password is sent as a one-way hash
CHAP Process
• MSCHAP
• The Nonce
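The CHAP process above, worked through as an added example that is not part of the lecture: the authenticator sends an Identifier and a random challenge (the nonce), the peer answers with MD5(Identifier || secret || challenge) as RFC 1994 specifies, and the authenticator recomputes the same hash from its own copy of the secret. Only the hash crosses the link, but the authenticator must hold the secret in cleartext to recompute it, which is the "password database is unencrypted" point on the slide. Running the exchange again on the same authenticator is the periodic re-validation. The peer name "alice" and its secret are constructed values.

```python
import hashlib
import hmac
import secrets

# Authenticator-side credential store. CHAP needs the cleartext secret to
# recompute the response hash. Constructed value for this example only.
PEER_SECRETS = {"alice": b"example-secret-not-real"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5 over Identifier || secret || challenge.
    Only this one-way hash is transmitted, never the secret itself."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of CHAP: issues a fresh random challenge (the nonce) for
    every round and accepts each outstanding challenge at most once."""

    def __init__(self):
        self.next_id = 0
        self.outstanding = {}            # identifier -> challenge bytes

    def challenge(self):
        """Build a Challenge packet: (Identifier, nonce)."""
        self.next_id = (self.next_id + 1) % 256
        nonce = secrets.token_bytes(16)
        self.outstanding[self.next_id] = nonce
        return self.next_id, nonce

    def verify(self, identifier, name, response):
        """Check a Response packet; True means Success, False means Failure."""
        nonce = self.outstanding.pop(identifier, None)   # consumed: no replay
        secret = PEER_SECRETS.get(name)
        if nonce is None or secret is None:
            return False                 # unknown peer, or stale/duplicate ID
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)


def peer_response(identifier, challenge, name, secret):
    """Client side: answer the Challenge packet with (Name, Value)."""
    return name, chap_response(identifier, secret, challenge)


def run_round(auth, name, secret):
    """One challenge/response exchange on an existing Authenticator.
    Calling it repeatedly is CHAP's periodic re-validation."""
    ident, nonce = auth.challenge()
    peer_name, value = peer_response(ident, nonce, name, secret)
    return auth.verify(ident, peer_name, value)


def replay_rejected(auth):
    """Capture one valid Response, then replay it against the next challenge.
    Returns True when the replay is refused, as it must be."""
    ident, nonce = auth.challenge()
    _, captured = peer_response(ident, nonce, "alice", PEER_SECRETS["alice"])
    if not auth.verify(ident, "alice", captured):
        return False
    next_ident, _ = auth.challenge()
    return not auth.verify(next_ident, "alice", captured)


if __name__ == "__main__":
    auth = Authenticator()
    print("first round:", run_round(auth, "alice", PEER_SECRETS["alice"]))
    print("re-validation:", run_round(auth, "alice", PEER_SECRETS["alice"]))
    print("wrong secret:", run_round(auth, "alice", b"wrong"))
    print("replay rejected:", replay_rejected(Authenticator()))
```

The nonce is what makes a captured response useless later: the same secret hashed with a different challenge gives a different value, and the authenticator discards each challenge after one use. What the hash does not protect is the cleartext secret store on the authenticator, and an eavesdropper who records challenge/response pairs can attempt the offline brute force listed under Link Layer Threats.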
Extensible Authentication Protocol (EAP)
• Provides a pointer to authentication
• EAP – Transport level security
• Wireless needs EAP
• PEAP - (Protected EAP)
Link Layer Threats
• Confidentiality
– Sniffing for reconnaissance
– Offline brute force
– Unapproved wireless
• Integrity
– Modify packets
– Man-in-the-middle
– Force weaker authentication
• Availability
– Denial of service
– War driving
• Transition from wireless to wired
Wired and Wireless Link-Layer Controls
• Encryption
– PPP Encryption Control Protocol (ECP)
• Authentication
– PAP
– CHAP
– EAP
• Tunneling
– EAP-TTLS
• Radio frequency management
Wireless Encryption Summary
                 802.1X Dynamic WEP     Wi-Fi Protected Access (WPA)       Wi-Fi Protected Access 2 (WPA2)
Access Control   802.1X                 802.1X or pre-shared key           802.1X or pre-shared key
Authentication   EAP methods            EAP methods or pre-shared key      EAP methods or pre-shared key
Encryption       WEP                    TKIP (RC4)                         CCMP (AES Counter Mode)
Integrity        None                   Michael MIC                        CCMP (AES CBC-MAC)
Metropolitan Area Network (MAN)
• Optimization for city
• Use wireless infrastructure, fiber optics or ethernet to connect
sites together
• Still needs security
• Switched Multi-megabit Data Service (SMDS)
• SONET/SDH
Layer 3: Network Layer
• Moves information between two hosts that are not physically
connected
• Uses logical addressing
LAN/WAN
• Local Area Network (LAN)
– LANs service a relatively small area
– Most LANs have connectivity to other networks
– VLANs are software-based LAN segments implemented by switching
technology
• Wide Area Network (WAN)
– A WAN is a network connecting local networks or access points
– Connections are often shared and tunneled through other connections
Storage Area Network (SAN)
• Hard drive space problem
• Server of servers
• Fiber backbone
• Switched
Public Switched Telephone Networks
(PSTNs)
• PSTNs are circuit-switched networks
• PSTNs are subject to attacks
X.25
• Suite of protocols for unreliable networks
• Has a strong focus on error correction
• Users and hosts connect through a packet-switched network
• Most organizations now opt for frame relay and ATM instead of X.25 for packet switching
Frame Relay
• Network cloud of switches
• Customers share resources in the cloud
• The cloud is assumed to be reliable
• Customers are charged only for bandwidth used
Asynchronous Transfer Mode (ATM)
• ATM is connection-oriented
– Uses virtual circuits
– Guarantees QoS but not the delivery of cells
– Types of virtual circuits
Multi-Protocol Label Switching (MPLS)
• Bandwidth management and scalability
• Permits traffic engineering
• Provides QoS and defense against network attacks
• Operates at Layers 2 and 3
• Operates over most other packet switching technologies such as Frame Relay and ATM
Comparing Broadband Wireless
                      802.11 WiFi                                  802.16 WiMAX                                                              802.20 Mobile-Fi         UMTS 3G
Bandwidth             11-54 Mbps shared                            Share up to 70 Mbps                                                       Up to 1.5 Mbps each      384 Kbps – 2 Mbps
Range (LOS)           100 meters                                   30 – 50 km                                                                3 – 8 km                 Coverage is overlaid on wireless infrastructure
Range (NLOS)          30 meters                                    2 – 5 km (‘07)
Mobility              Portable                                     Fixed (Mobile – 16e)                                                      Full mobility            Full mobility
Frequency/Spectrum    2.4 GHz for 802.11b/g; 5.2 GHz for 802.11a   2 - 11 GHz for 802.16a; 11-60 GHz for 802.16                              < 3.5 GHz                Existing wireless
Licensing             Unlicensed                                   Both                                                                      Licensed                 Licensed
Standardization       802.11a, b and g standardized                802.16, 802.16a and 802.16 REVd standardized, others under development    802.20 in development    Part of GSM standard
Availability          On the market today                          Products available today                                                  Standards coming         Currently being deployed
Wireless Optics
• Two laser transceivers communicate at speeds comparable to
SONET
• Wireless optics transmissions are hard to intercept
• Wireless optics can be unreliable during inclement weather
• Avoids the licensing requirements of Microwave in most regions
Network Usage: Definitions
• Intranet
• Extranet
– Granting access to external organizations
• Internet
Other Aspects
• Virtual Private Network
– Remote access through VPN
– LAN to LAN configuration
• Secure Remote Access
– Remote access through modems, ISPs, WAN connections
• Traffic Shaping
– Quality of Service (QoS)
– Depends on all carriers agreeing on priority handling rules
• Routers
– Network routing
Firewalls
• Filtering
– Filtering by address
– Filtering by service
• Static Packet Filtering
• Stateful inspection or dynamic packet filtering
• Personal firewalls
• Enforce administrative security policies
• Separate trusted networks from untrusted networks
– Firewalls should be placed between security domains
• Proxy Firewalls
– Circuit-level policy
– Application-level policy
Firewalls
Firewall Type             OSI Model Layer     Characteristics
Packet filtering          Network layer       Routers using ACLs dictate acceptable access to a network. Looks at destination and source addresses, ports and services requested.
Application-level proxy   Application layer   Deconstructs packets and makes granular access control decisions. Requires one proxy per service.
Firewalls (cont.)
Firewall Type             OSI Model Layer     Characteristics
Circuit-level proxy       Session layer       Deconstructs packets. Protects a wider range of protocols and services than application-level proxies, but does not offer as detailed a level of control.
Stateful                  Network layer       Keeps track of each conversation using a state table. Looks at state and context of packets.
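To make the difference between the packet filtering and stateful rows concrete, here is an added example, not from the lecture, of both behaviours in Python: a stateless ACL that judges every TCP segment on its own header fields, beside a stateful filter that consults the policy only for a new outbound SYN and passes everything else on the strength of its state table. Hosts in 10.0.0.0/8 are the trusted side; the rule format, the packets and the 203.0.113.x addresses (a documentation range) are constructed for the example.

```python
from collections import namedtuple

# Minimal TCP header view; flags is a frozenset of TCP flag names.
Packet = namedtuple("Packet", "src sport dst dport flags")
# direction is "in" or "out" relative to the trusted 10.0.0.0/8 side;
# dport None matches any port; require_ack is the classic ACL "established"
# test (ACK bit set), which is all a stateless filter can use to spot replies.
Rule = namedtuple("Rule", "action direction dport require_ack")


def direction(pkt):
    return "out" if pkt.src.startswith("10.") else "in"


class StaticPacketFilter:
    """Stateless filtering: each packet is judged alone against an ordered
    ACL; no rule matches means deny."""

    def __init__(self, rules):
        self.rules = rules

    def allow(self, pkt):
        d = direction(pkt)
        for r in self.rules:
            if (r.direction == d
                    and (r.dport is None or r.dport == pkt.dport)
                    and (not r.require_ack or "ACK" in pkt.flags)):
                return r.action == "allow"
        return False


class StatefulFilter:
    """Stateful inspection: the policy is consulted only for a connection
    opener (bare SYN); every other packet must belong to a conversation
    already recorded in the state table."""

    def __init__(self, rules):
        self.policy = StaticPacketFilter(rules)
        self.table = set()                  # tracked (src, sport, dst, dport)

    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return True                     # part of a tracked conversation
        if pkt.flags == frozenset({"SYN"}) and self.policy.allow(pkt):
            self.table.add(fwd)             # new connection: remember it
            return True
        return False


# Policy: inside hosts may open HTTPS outbound. The static ACL must add an
# "established" hole so that return traffic can get back in at all.
OUTBOUND_HTTPS = Rule("allow", "out", 443, False)
STATIC_RULES = [OUTBOUND_HTTPS, Rule("allow", "in", None, True)]
STATEFUL_RULES = [OUTBOUND_HTTPS]

# Constructed traffic: a legitimate handshake, then an unsolicited inbound
# segment that merely has the ACK bit set.
CLIENT_SYN = Packet("10.0.0.9", 51000, "203.0.113.10", 443, frozenset({"SYN"}))
SERVER_SYNACK = Packet("203.0.113.10", 443, "10.0.0.9", 51000, frozenset({"SYN", "ACK"}))
UNSOLICITED_ACK = Packet("203.0.113.77", 443, "10.0.0.9", 3389, frozenset({"ACK"}))
SAMPLE_TRAFFIC = [CLIENT_SYN, SERVER_SYNACK, UNSOLICITED_ACK]


def run(firewall, packets):
    """Evaluate packets in order; returns the allow (True) / deny decision per packet."""
    return [firewall.allow(p) for p in packets]


if __name__ == "__main__":
    print("static  :", run(StaticPacketFilter(STATIC_RULES), SAMPLE_TRAFFIC))
    print("stateful:", run(StatefulFilter(STATEFUL_RULES), SAMPLE_TRAFFIC))
```

Both filters pass the client's SYN and the server's SYN/ACK. The static ACL also passes the unsolicited ACK toward port 3389, because the ACK bit is the only "established" evidence it has; the stateful filter denies it, since no conversation in its table matches and it is not a permitted opener. The cost is the state table itself: memory per tracked connection, and the need to expire entries, which is what the SYN flood threat on the Transport Layer slides targets.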
Network Partitioning
• Boundary routers
• Dual-homed host
• Bastion Host
• Demilitarized Zone (DMZ)
• Three-legged firewall
End Systems
• Servers and mainframes
• Operating systems
• Notebooks
• Workstations
• Smart phones
• Personal digital assistants
• Network Attached Storage (NAS)
Internet Protocol (IP)
• Internet Protocol (IP) is responsible for routing packets over a
network
• Unreliable protocol
• IP will subdivide packets
• IPv4 address structure
Internet Protocol (cont.)
Internet Protocol Address Structure
Class   Range of First Octet   Number of Octets for Network Number   Number of Hosts in Network
A       1 – 127                1                                     16,777,216
B       128 – 191              2                                     65,536
C       192 – 223              3                                     256
D       224 – 239              Multicast
E       240 – 255              Reserved
Subnetting and Valid Subnets
• Subnetting
• Supernetting
• Classless Inter-Domain Routing (CIDR)
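An added worked example, not from the lecture, that applies the classful table above and then the classless mechanisms of this slide using Python's standard `ipaddress` module: `classful_lookup` places an address by its first octet exactly as the table does, `subnet_summary` derives network number, mask and broadcast from a prefix length instead of the octet, `subnet` splits a block into smaller ones, and `supernet` aggregates adjacent blocks into one CIDR route. The addresses are sample values chosen for the example.

```python
import ipaddress

# Classful table from the lecture slide: (class, first-octet range, network octets).
CLASS_TABLE = [
    ("A", 1, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, None),   # multicast
    ("E", 240, 255, None),   # reserved
]


def classful_lookup(address):
    """Classify an IPv4 address by its first octet.
    Returns (class, network octets, addresses per network), matching the
    table's 16,777,216 / 65,536 / 256 figures, or None if no class applies."""
    first = int(address.split(".")[0])
    for cls, lo, hi, net_octets in CLASS_TABLE:
        if lo <= first <= hi:
            size = 256 ** (4 - net_octets) if net_octets else None
            return cls, net_octets, size
    return None


def subnet_summary(cidr):
    """Classless view of the same address space: the prefix length, not the
    first octet, decides where the network number ends."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts a host address
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),  # minus network and broadcast
    }


def subnet(cidr, new_prefix):
    """Subnetting: carve one block into equal smaller blocks."""
    block = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in block.subnets(new_prefix=new_prefix)]


def supernet(cidrs):
    """Supernetting (CIDR aggregation): merge adjacent blocks into one route."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(classful_lookup("172.16.0.1"))
    print(subnet_summary("192.168.10.77/26"))
    print(subnet("10.0.0.0/24", 26))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24"]))
```

The same 172.16.0.1 that the classful table files under class B (65,536 addresses) can sit in a /26 with 62 usable hosts under CIDR; routers and firewall ACLs reason in prefixes, so an address class alone says nothing about which hosts actually share a broadcast domain.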
Dynamic Host Configuration Protocol
(DHCP)
• Dynamically assigns IP addresses to hosts
• Client does not have to request a new lease every time it boots
IPv6
• A larger IP address field
• Improved security
• A more concise IP packet header
• Improved quality of service (QoS)
Internetwork Packet Exchange (IPX)
• Vendor specific
• Retired
Internet Control Message Protocols
(ICMP)
• ICMP redirect attacks
• Traceroute exploitation
• Ping scanning
Internet Group Management Protocol
(IGMP)
• Used for multicast messages
• Sets up multicast groups
Virtual Private Network (VPN)
• Secure shell (SSH)
• SSL/TLS
• SOCKS
• High Assurance Internet Protocol Encryptor (HAIPE)
• IP Security (IPSEC) – see next slide
IPSEC Authentication and Confidentiality for VPNs
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Security Parameter Index (SPI)
• Security Associations
• Transport Mode / Tunnel Mode
• Internet Key Exchange (IKE)
Tunneling Protocols
• Tunneling Protocols
– Point-to-point Tunneling Protocol (PPTP)
– Layer 2 Tunneling Protocol (L2TP)
• Routing Protocols
– Routing Information Protocol (RIP)
– Virtual Router Redundancy Protocol (VRRP)
– Open Shortest Path First (OSPF)
– Exterior Gateway Protocol (EGP)
– Border Gateway Protocol (BGP)
– Intermediate System-to-Intermediate System (ISIS)
– Interior Gateway Routing Protocol (IGRP)
– Enhanced IGRP (EIGRP)
Risks and Attacks
• Key shortcoming in IP is its lack of authentication
• Shortcomings in implementation
• IP Fragmentation Attacks
– Teardrop attack
– Overlapping fragment attacks
• IP Address Spoofing
– Overlapping fragment attacks
– Packets are sent with a bogus source address
– Takes advantage of a protocol flaw
• Encryption as a Threat
– External attackers
– Internal attackers
Risks and Attacks
• Network Eavesdropping
• Sniffing the wire
• Encryption
• IP allows the sender to specify the path
– Attackers can abuse source routing, thereby gaining access to an internal network
Risks and Attacks
• Source-routing Exploitation
– IP allows the sender to specify the path
• Attackers can abuse source routing, thereby gaining access to an internal network
• Smurf and Fraggle attacks
– Smurf attack mis-uses the ICMP Echo Request
– Fraggle attack uses UDP instead of ICMP
– Ping of death
Controls
• Policy
• Inbound and outbound traffic controls
• Network partitioning
Layer 4: Transport Layer
• End-to-end transport between peer hosts
• Connection oriented and connectionless protocols
Protocols
• Transmission Control Protocol (TCP)
– Well-known ports
– Registered ports
– Dynamic and/or private ports
• User Datagram Protocol (UDP)
– Fast
– Low overhead
– No error correction/replay protection
• Sequenced Packet Exchange (SPX)
– Novell’s protocol
– Replaced by TCP
Transport Layer Security (TLS)
• Mutual authentication
• Encryption
• Integrity
Attacks
• SYN Flood
• Port Scanning
– FIN, NULL and XMAS Scanning
– SYN Scanning
– TCP Sequence Number Attacks
– Session Hijacking
• Denial of Service
Controls
• SYN proxies
• Honeypots and honeynets
• Tarpits
• Continuous or periodic authentication
Layer 5: Session Layer
• Client server model
• Middleware and three-tiered architecture
• Mainframe
• Centralized systems
Protocols
• Real-time protocol – RTP
• RTP control protocol – RTCP
• Remote procedure calls - RPC
RPC Threats and Controls
• Threats
– Unauthorized sessions
– Invalid RPC exchanges
• Controls
– Secure RPC
Layer 6: Presentation Layer
• Ensures a common format for data
• Services for encryption and compression
Standards
• Mainframe to PC Translation
– Extended Binary Coded Decimal Interchange Code (EBCDIC)
– American Standard Code for Information Interchange (ASCII)
– Gateway
• Video and Audio Compression
– Codec
• Compression / decompression
– Conserves bandwidth and storage
Compression Protocols
Audio Compression
  ISO/IEC: MPEG-1 Layer III (MP3); MPEG-1 Layer I & II; AAC: HE-AAC v2, aacPlus v2
  ITU-T: G.711, G.722, G.723, G.726, G.728, G.729
Video Compression
  ISO/IEC: MJPEG; MPEG-1 & 2; MPEG-4 ASP & AVC
  ITU-T: H.261 – H.264
Threats and Controls
• Availability Threat
– Lack of interoperability
• Controls
– Organizational standards
Layer 7: Application Layer
• The application layer is NOT the Graphical User Interface (GUI)
• Performs communications between peer applications
Implementations
• Client/Server
– Telephony/voice
– Video
– Instant messaging
– Email
– World wide web
– File transfer
• Peer-to-peer
– Sharing
• Multi-tier
– Web front-end
– Database back-end
– Web 2.0
Protocols Examples
FTP      File Transfer Protocol
HTTP     HyperText Transfer Protocol
IMAP     Internet Message Access Protocol
IRC      Internet Relay Chat
MIME     Multipurpose Internet Mail Extensions
POP3     Post Office Protocol (version 3)
Rlogin   Remote Login in UNIX Systems
SOAP     Simple Object Access Protocol
SSH      Secure Shell
TELNET   Terminal Emulation Protocol
Threats and Controls
• Vulnerabilities as of September 2007
– 35,000
• Verified exploits
– +10,000
• Controls
– STOP IT!
• Don’t use application-layer protocols that are too risky?
– Update / patch
Telephony
• Voice Over IP
– Reduced cost
– Converged technology security
• Mobile Telephony – Cellular service
– Analog
• Advanced Mobile Phone Service (AMPS)
– Digital
• Global Service for Mobile Communications (GSM)
• General Packet Radio Service (GPRS)
• Universal Mobile Telecommunications System (UMTS)
– Data
Mobile Multiplexing Technologies
Technology                                   Principle                                   Objective
Frequency Division Multiple Access (FDMA)    Divide frequency into sub bands             Open several low bandwidth channels
Time Division Multiple Access (TDMA)         Split transmission by time slices           Multiplexing between participants
Code Division Multiple Access (CDMA)         Multiplex several signals into one signal   Multiplexing is performed on a digital level
Protocols
• VoIP Protocols
– H.323
• SIP
• Mobile Telephony Protocols
– Proprietary Applications and Services
– Wireless Application Protocol (WAP)
• Mobile internet browsing
Telephony Threats and Controls
• Threats
– IP Telephony Network Issues
– IP Telephony Vulnerabilities
• Controls
– Authentication
– Firewalls
– Modem control
• Good practices for VoIP telephony
– Encryption
– Hardening
– Patches
– Authentication
– Physical protection
General Threats
• Authenticity
• Eavesdropping
• Social engineering
• Tunneling firewalls
Services
• Authentication
• Directory
• Configuration
• Communication
• Storage
• Printing
Authentication
• Centralized Remote User Authentication
– The Network Access Server sends authentication requests to the Centralized
Authentication Server.
• Kerberos Authentication
– RFC 1510
– Principals (client and server) are treated as equals
– Key Distribution Server (KDC)
• Authentication server (AS)
– Ticket granting server (TGS)
Directory Services
• Domain Name Service (DNS)
• Lightweight Directory Access Protocol (LDAP)
• Network Basic Input Output System (NetBios)
• Network Information Service (NIS/NIS+)
Configuration Services
• Simple Network Management Protocol (SNMP)
• Dynamic Host Configuration Protocol (DHCP)
• Network Time Protocol (NTP)
• Finger User Information Protocol
Communication Services
• Synchronous Messaging
– Instant Messaging (IM)
– Internet Relay Chat (IRC)
• Asynchronous Messaging
– Simple Mail Transfer Protocol (SMTP)
– Post Office Protocol (POP)
– Internet Message Access Protocol (IMAP)
– Network News Transfer Protocol (NNTP)
Remote Communication Services
• TCP/IP Terminal Emulation Protocol (TELNET)
• Remote Login (RLOGIN), Remote Shell (RSH), Remote Copy (RCP)
• X Window System (X11)
• Video and multimedia
Storage Server Services
• Common Internet File System (CIFS) / Server Message Block (SMB)
• Network File System (NFS)
• Secure NFS (SNFS)
Storage Data Services
• File Transfer Protocol (FTP)
• Trivial File Transfer Protocol (TFTP)
• Hypertext Transfer Protocol (HTTP)
• HTTP over TLS (HTTPS)
• Secure Hypertext Transfer Protocol (S-HTTP)
• Proxies
Proxies
Printing Services
• Internet Printer Protocol (IPP)
• Line Printer Daemon (LPD) and Line Printer Remote (LPR)
• Common UNIX Printing System (CUPS)
DNS Threats
• Spoofing
• Query manipulation
– Hosts file manipulation
– Social engineering
• Information disclosure
• Domain litigation
• Cyber squatting
Other Threats
• Email Threats
– Spoofing
– Open Mail Relay Servers
– Spam and Filtering
• Instant messaging Threats
• File sharing
• SPIM
• Server Message Block (SMB) Threats
– Buffer overflows
Controls
• DNS security extensions (DNSSEC)
• Mail filtering
• IM policy
• Turn off SMB