Computer Networks and
their Vulnerabilities
Omar Bashir
Communications Enabling Technologies,
Software Technology Park,
Islamabad, PAKISTAN
e-mail: [email protected]
Coverage
• Introduction
• Protocols
• Switching Techniques
• LAN Topologies and Technologies
• WAN Technologies
• Internetworking
• Vulnerabilities
• Attacking Techniques
• Preventive Measures
Motivation Towards Distributed
Computing
Information based society. Timely creation,
effective management, accurate analysis and
efficient communication of information is
central to all successful activities.
Partitioning, replication, and distribution of
application components to achieve reliability,
efficiency and flexibility.
Efficient, cost effective and flexible means
of communications. Convergence of data,
voice and video communications.
Principal Catalysts
• Packet Switching
• Multi-megabit/Gigabit Networks
• Desktop Workstations
• Teleworking/Remote Working
• Multimedia
• Mobile Communications
Definitions
• Computer Network
– An interconnected collection of autonomous
computers.
• Distributed System
– A collection of autonomous computers linked by a
network, with software designed to produce an
integrated computing facility.
KEYWORDS: Interconnection, Autonomy and
Integrated Operations
Autonomy
• Computers or hosts are sources and sinks
of data
• All computers on a computer network are
logically equal
• No computer can forcibly start, stop or
control another computer
• Systems employing master/slave
relationships not included in computer
networks
Interconnection
• Physical connection to enable communication
• Logical connections established for every session
on a computer
• Logical connections provide communication services
to distributed applications
[Figure: two hosts joined by one physical connection carrying Logical Link A and Logical Link B]

Distributed Systems
• Application components executing on diverse
platforms on a computer network
• Computer networking facilities for distributed
applications consist of
– hardware components
• switches, circuits and interface cards/modules
– software components
• protocol managers, device drivers
• part of platform OS and networking devices
• Hardware and software components providing
communications for a distributed system are
termed as its communications sub-system.
Communications in Distributed Systems
• Distributed systems constructed to isolate
communications sub-system from the
application components.
• Application components virtually communicate
with each other by passing messages of
arbitrary lengths.
• Physically, application components pass these
messages to communications subsystems.
• Communications subsystems actually
communicate messages as packets of data.
[Figure: Application Component A hands a Message to its Communications Subsystem, which sends it across the Network as Packets 1, 2 and 3 to the Communications Subsystem of Application Component B]

Communications in Distributed Systems (Contd)
• Syntax and semantics of messages defined by
the applications.
• Packets structured to achieve efficient
communication over the underlying network.
• Communications sub-system neither deals with
the semantics of the messages nor does it
differentiate between different applications on
the basis of their messages
• Several applications on a single platform share
the same communications subsystem.
Typical Objectives of Computer Networks
• Connectivity
• Resource Sharing
• Support for Common Services
• Performance
Viewed differently by application programmers,
network designers and network service
providers
Connectivity
• A network consists of nodes and links
• Nodes that perform communication related task are
termed as Interface Message Processors (IMPs).
• Nodes that use network are known as hosts.
• Combination of IMPs and links are termed as a
subnetworks.
• Each node should be addressed uniquely.
• Two or more subnetworks can be interconnected to
form an internetwork.
[Figure: Hosts attach to IMPs; the IMPs and links form a Subnetwork; subnetworks are interconnected to form an internetwork]

Switching Techniques
Circuit Switching
• Physical connection established between terminals
before data communication commences.
• All resources for a connection (in the terminals and
intermediate switches) are reserved even when no
data is transferred.
• Terminals release connection at the end of the
session.
• Call establishment and release may be expensive.
• Good choice in situations where significant amount
of data needs to be transferred at a fixed rate.
• Resource utilisation may be inefficient if data transfer
is bursty.
[Figure: circuit switching, three slides]

Switching Techniques
Message Switching
• No physical channel established in advance between
terminals.
• Transmitter transmits message to the first switch.
• The first switch stores the message, checks it for
errors and then forwards it to the next switch towards
the destination. Therefore known as store and
forward networks.
• Large buffers required at switches to store
messages.
• Large messages may tie up a link between two
switches for several minutes.
Switching Techniques
Packet Switching
• Contrary to message switching, tight upper limits
placed on transmission block size.
• Large messages fragmented into packets at source.
• Size and structure of packets chosen to allow
efficient communication.
• Destination host re-assembles appropriate packets
to form messages.
• Switches determine route for each packet after
examining destination host’s address inserted in the
packet by the source computer.
• Structure: [ Source | Destination | Payload ]

Packet Switching
[Figure: hosts A, B, C and D attached to a packet switch; packets marked "B to A", "A to C", "C to D" and "B to C" are forwarded according to the destination address each carries]
Resource Sharing
• On a point to point link between two
computers, link capacity is never completely
utilised.
• Link idle time utilised by connecting more
computers on the same point to point link.
• Switches connecting computers to the link
multiplex data from each source.
• Common types of multiplexing
– Frequency Division Multiplexing (FDM)
– Synchronous Time Division Multiplexing (STDM)
– Statistical Multiplexing
Support for Common Services
• Computer networks provide the means for a
set of application processes distributed over
interconnected computers to communicate.
• Common services required for applications
built once and applications written on top of
these services.
• Each network connection on a computer may
support several logical channels.
• Channels provide the required communication
services, e.g., reliable delivery, best effort
delivery, security, etc.
Support for Common Services
Typical Issues
• Identifying common services.
• Locating network services, i.e., hosts or IMPs.
• Reusing services for emerging applications.
[Figure: HTTP and FTP clients on one host using HTTP and FTP services on another, each pair over its own logical channel]
Principle of Locality of Reference
• Temporal Locality of Reference
If a pair of computers communicates once, the
pair is likely to communicate again in the near
future and then periodically.
• Physical Locality of Reference
A computer tends to communicate most often
with other computers that are nearby.
Local Area Networks (LANs)
• Networks based on physical network technology
designed to span distances up to a few thousand
meters.
• LANs typically share a common medium or a
switch.
• Computers on a LAN need to gain control of the
medium to be able to transmit.
• Data link layer divided into
– Logical Link Control (LLC) sublayer.
– Medium Access Control (MAC) sublayer.
LAN Topologies
• Ring
• Star
• Bus
LAN Technologies
• Ethernet (IEEE 802.3)
– Bus topology, Carrier Sense Multiple Access with
Collision Detection (CSMA/CD) MAC, 10/100 Mbps
– Physical medium : Thick coaxial, thin coaxial,
Unshielded Twisted Pair (UTP), optical fibre.
• Token Ring (IEEE 802.5)
– Ring topology, Token passing MAC, 4/16 Mbps
– Physical medium : Shielded Twisted Pair (STP)
• Fibre Distributed Data Interface (FDDI)
– Dual counter rotating rings, Token passing MAC,
100 Mbps
– Physical medium : Optical fibre
Wide Area Networks (WANs)
• Networks built over technologies that are
capable of spanning large distances.
• A typical WAN consists of several interconnected switches.
• Switches examine the destination address of
each packet and determine an appropriate
route on the basis of a routing table
maintained in each switch.
• Routing tables only maintain enough information to be able to forward a packet to the next
hop towards the destination.
Packet Switches
• Packet switches are essentially computers, each with a
processor, IO ports and memory.
• Some ports connect to other switches, others to computers.
• A set of interconnected switches and hosts forms a WAN.
• Connections between switches need not be symmetric.
• Packet switching is also known as store and forward switching.
• Packets switched to the same output port need to be buffered
in a queue.
[Figure: a switch with numbered ports; packets 1 and 2 arriving on different input ports are queued for the same output port]
WAN Technologies
• Integrated Services Digital Network (ISDN)
– Circuit switched, designed to integrate voice and non-voice applications
– Data rates
• Primary Rate Interface (PRI) - up to 2 Mbps
• Basic Rate Interface (BRI) - up to 128 kbps
• Frame Relay
– Connection-oriented WAN technology.
– Bandwidth on demand - A channel can use bandwidth
not being used by other channels.
– Complexity of the protocol reduced by relying on
higher level layers to perform error control.
WAN Technologies
Asynchronous Transfer Mode (ATM)
• Connection oriented technology.
• Virtual channels to the same endpoints grouped into
virtual paths. Switches in the network core manage
paths instead of individual channels.
• Uses small, fixed-sized packets known as cells. Cell
size fixed to 53 bytes. Reduces the complexity of
switches.
• Classes of service
– Constant Bit Rate (CBR) : emulates a dedicated link.
– Variable Bit Rate (VBR) : applications generate variable bit rate
traffic
– Available Bit Rate (ABR) : bit rate changed on feedback from net
– Unspecified Bit Rate (UBR) : best effort cell delivery
Network Protocols : Layering
• Objectives of networking achieved by dividing
the communications subsystem into different
layers.
• A simple model: Application / Channel Management /
Host to Host Connectivity / Communication Hardware.
• A layer provides services to the layer above it and
uses services provided by the layer below it.
• Advantages
– Complexity management
– Modularity
Network Protocols : Layered Communication
• Virtual communication between peer layers.
• Physical communication between adjacent
layers except at the hardware layer.
[Figure: two four-layer stacks (Application, Channel Management, Host to Host Connectivity, Communication Hardware); virtual communication runs between peer layers, physical communication runs down one stack, across the communication hardware and up the other]
• Peer layers communicate using protocols.
• Protocols define the syntax, semantics and
timing for peer layers.
Network Protocols : Encapsulation
• At the transmitter,
– A layer takes data from the upper layer and adds control
information for the peer layer.
– Control information added as the header.
– Header + data passed to lower layer.
• At the receiver,
– Incoming packets processed in a reverse order.
– Lower layer removes and interprets the header to determine
the operations to be performed.
– Remaining data passed to the upper layer.
– Ultimately, original data passed to application.
Network Protocols : Encapsulation
[Figure: at the transmitter the Application passes Data to Channel Management, which prepends its header (CMH | Data); Host to Host Connectivity prepends its own (HCH | CMH | Data) and hands the result to the Communication Hardware. At the receiver each layer removes its header in reverse order until the Application receives Data]

Network Protocols : Multiplexing
• Computers in a network identified by a unique
address.
• Applications executing on a computer identified
by a unique identifier.
• All applications executing on computers over a
network can be uniquely identified by the
combination of the computer address and the
application identifier.
• A combination of computer address and
application identifier form one end of a logical
channel. A pair required to complete the
channel.
Network Protocols : Multiplexing
Several logical channels exist over one physical link.
[Figure: Host A runs a File Client (ID 217) and a Web Client (ID 232); Host B runs a File Service (ID 106); Host C runs a Web Service (ID 108). Logical channel A+217 to B+106 and logical channel A+232 to C+108 share Host A's single link to the Network]
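Encapsulation and the address-plus-identifier multiplexing described on the last few slides, as an added example that is not part of the original slides: each layer prepends its own header (a link header, a network header and a transport header whose layouts are assumptions for the example, loosely shaped like Ethernet, IPv4 and UDP but not byte-compatible with them), the receiver strips them in reverse order, and a per-host demultiplexer delivers each payload to the endpoint bound to (address, identifier), dropping frames for unbound endpoints or with truncated payloads. The identifiers follow the figure (File Service 106, File Client 217); the IP and MAC addresses are made up.

```python
import socket
import struct

# Header layouts are assumptions for this example, loosely shaped like
# Ethernet / IPv4 / UDP but not byte-compatible with them.
LINK = struct.Struct("!6s6sH")     # destination MAC, source MAC, network protocol
NET = struct.Struct("!4s4sB")      # source address, destination address, TTL
TRANS = struct.Struct("!HHH")      # source identifier, destination identifier, payload length
NET_PROTO = 0x0800


def mac(text):
    """'aa:00:00:00:00:01' -> 6 bytes."""
    return bytes.fromhex(text.replace(":", ""))


def encapsulate(payload, src, dst, src_mac, dst_mac, ttl=64):
    """src and dst are (dotted-quad address, identifier). Each layer prepends
    its own header to what the layer above handed it."""
    segment = TRANS.pack(src[1], dst[1], len(payload)) + payload
    packet = NET.pack(socket.inet_aton(src[0]), socket.inet_aton(dst[0]), ttl) + segment
    return LINK.pack(dst_mac, src_mac, NET_PROTO) + packet


def decapsulate(frame):
    """Strip the headers in reverse order. Raises ValueError on malformed input."""
    if len(frame) < LINK.size + NET.size + TRANS.size:
        raise ValueError("frame too short")
    _dst_mac, _src_mac, proto = LINK.unpack_from(frame, 0)
    if proto != NET_PROTO:
        raise ValueError("unknown network protocol 0x%04x" % proto)
    src_addr, dst_addr, ttl = NET.unpack_from(frame, LINK.size)
    src_id, dst_id, length = TRANS.unpack_from(frame, LINK.size + NET.size)
    payload = frame[LINK.size + NET.size + TRANS.size:]
    if len(payload) != length:
        raise ValueError("payload length %d does not match header %d" % (len(payload), length))
    return {"src": (socket.inet_ntoa(src_addr), src_id),
            "dst": (socket.inet_ntoa(dst_addr), dst_id),
            "ttl": ttl, "payload": payload}


class Demultiplexer:
    """One host's end of the logical channels: payloads are delivered to the
    endpoint bound to (address, identifier); everything else is dropped."""

    def __init__(self, addresses):
        self.addresses = set(addresses)
        self.endpoints = {}      # (address, identifier) -> delivered [(source, payload)]
        self.dropped = 0

    def bind(self, address, ident):
        self.endpoints[(address, ident)] = []

    def deliver(self, frame):
        """Return the endpoint key the payload went to, or None if dropped."""
        try:
            info = decapsulate(frame)
        except ValueError:
            self.dropped += 1
            return None
        key = info["dst"]
        if key[0] not in self.addresses or key not in self.endpoints:
            self.dropped += 1
            return None
        self.endpoints[key].append((info["src"], info["payload"]))
        return key


if __name__ == "__main__":
    # Host B runs the File Service (ID 106); Host A's File Client (ID 217) sends a request.
    host_b = Demultiplexer(["10.0.0.2"])
    host_b.bind("10.0.0.2", 106)
    frame = encapsulate(b"GET report.txt", ("10.0.0.1", 217), ("10.0.0.2", 106),
                        mac("aa:00:00:00:00:01"), mac("aa:00:00:00:00:02"))
    print(frame.hex())
    print(host_b.deliver(frame), host_b.endpoints)
```

The transport header carries an explicit length so that a truncated frame is rejected rather than delivered short; a frame for an identifier nobody has bound (the Web Service's 108 on a host that only runs the File Service) is counted and dropped, which is the behaviour the multiplexing slide describes for the communications subsystem.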
Network Protocols : Reliability Issues
• Error control.
– Typical errors
• Bit errors
• Packet loss
– Control techniques
• Error correction
• Re-transmission
• Data reconstruction in some multimedia applications
• Sequencing to preserve order of messages.
• Flow control to allow fast hosts to communicate
with slow hosts.
Connection-oriented Protocols
• Virtual circuit established between terminals on a
packet switched network.
• Virtual circuit provides reliable, ordered delivery of packets,
– Lost packets or packets with errors are retransmitted.
– Packets sequenced at destination.
– Timing constraints applied to reduce jitter.
• Types of virtual circuits,
– Permanent Virtual Circuits (PVCs): Set up by the
network administrator and emulate a leased line.
– Switched Virtual Circuits (SVCs): Set up by the user
application through a signaling process only for the
duration of the session. Also known as a virtual call.
• Connection has to be re-established in case of failure
Connectionless Protocols
• No connection is established before data
communication.
• Each packet or datagram contains the complete
destination address for the switches to determine,
with the help of routing tables, its routing.
• Network makes best effort to transport the packet to
destination, but gives no guarantees.
– Packets can be lost
– Packets from same source to same destination may
follow different paths and arrive out of order.
– Packets may be duplicated
• Packets routed via alternate routes in case of failure
of network elements.
ISO OSI Reference Model
[Figure: Host A and Host B (Open System Interconnection), each with Application, Presentation, Session, Transport, Network, Data Link and Physical layers; the Subnetwork between them (one or more nodes) implements only the Network, Data Link and Physical layers]

ISO OSI Reference Model
Layer         Implementation   Description
Application   Software         Access to OSI environment, distributed services
Presentation  Software         Managing differences in data representations
Session       Software         Managing sessions between cooperating applications
Transport     Software, OS     End-to-end reliable data transfer
Network       Software, OS     Routing, switching, heterogeneity management
Data Link     Firmware         Reliable communication over a physical link
Physical      Hardware         Transmission of unstructured bit stream over a medium
Internet Protocol Suite
4 Layer Architecture: Application / TCP, UDP / IP / Network Access
– Application Layer
– Transport Layer
• Transmission Control Protocol (TCP): Reliable Delivery
• User Datagram Protocol (UDP): Best Effort Delivery
– Network Layer
• Internet Protocol : Connectionless (Best Effort) protocol
• Viewed as a Virtual Uniform Network that hides the
heterogeneity of underlying networks.
– Network Access Layer
• Combination of technology specific physical and data
link layers, e.g., Ethernet, Token Ring, Frame Relay,
etc.
Internet Protocol Suite
• Internet Protocol (IP)
– Performs packet routing through the network.
– 32 bit (IPv4) globally unique addresses, a combination of the
network address and the host address.
• Transmission Control Protocol (TCP)
– Stream-oriented protocol
– Uses timers, acknowledgments and sequence numbers to
provide end-to-end reliability
• User Datagram Protocol (UDP)
– Datagram protocol
– Light weight as does not use timers, sequence numbers
and acknowledgments
TCP and UDP provide 16 bit port numbers to applications
Internet Protocol Suite
[Figure: a host on Ethernet and a host on Token Ring, each running Application / TCP, UDP / IP over its link technology; Gateways between Ethernet, WAN and Token Ring run IP over each link; IP presents a Virtual Uniform Network to the hosts]

Internetworking
• Internetworking is the interconnection of two or
more networks.
• Internetwork or internet is an arbitrary
collection of networks interconnected to
provide host to host packet delivery service.
• Internets are logical networks built out of a
collection of physically heterogeneous
networks.
• Typical issues
– Heterogeneity: Addressing, flow control, MAC
methods
– Scale: Routing, addressing, naming, performance
Internet Routers
• Interconnects networks at the network layer.
• Maintains a routing table that determines the next
hop for the packet received.
• Routing tables may be static or dynamic.
• Fragments packets if the subnetwork to which the
packet is being forwarded supports smaller
packets.
• Manages a variable defining the life of a packet
and drops the packet if its life expires.
• While discarding a packet, a notification should be
sent to the source host.
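The forwarding described on the packet switching, WAN switch, connectionless protocol and router slides, as an added simulation that is not part of the original: routers look up the next hop by longest prefix in a routing table, decrement the packet's life counter, fragment to the next link's MTU and report back to the source when they drop a packet; the destination host reassembles fragments even when they arrive out of order or duplicated. Addresses, prefixes, MTUs and the 20-byte header are assumptions for the example.

```python
import ipaddress

HEADER = 20   # bytes of header per packet, assumed constant for the example


def fragment(pkt, mtu):
    """Split a packet so each piece fits the link MTU. As in IP, each
    fragment carries the byte offset of its data and a 'more' flag, and
    data per fragment is a multiple of 8 bytes."""
    room = (mtu - HEADER) // 8 * 8
    if room <= 0:
        raise ValueError("MTU too small to carry any data")
    if HEADER + len(pkt["data"]) <= mtu:
        return [pkt]
    data, base = pkt["data"], pkt["offset"]
    pieces = []
    for i in range(0, len(data), room):
        last = i + room >= len(data)
        pieces.append(dict(pkt, data=data[i:i + room], offset=base + i,
                           more=pkt["more"] or not last))
    return pieces


class Host:
    """Source and sink of data; reassembles fragments keyed by (source, id)."""

    def __init__(self, name, addr):
        self.name, self.addr = name, addr
        self.buffers = {}     # (src, id) -> {"chunks": {offset: data}, "total": int or None}
        self.messages = []    # reassembled messages, in completion order
        self.notices = []     # (reason, packet id) reports from routers

    def receive(self, pkt):
        if pkt["dst"] != self.addr:
            return
        if "notice" in pkt:
            self.notices.append(pkt["notice"])
            return
        key = (pkt["src"], pkt["id"])
        buf = self.buffers.setdefault(key, {"chunks": {}, "total": None})
        buf["chunks"].setdefault(pkt["offset"], pkt["data"])   # duplicate fragments ignored
        if not pkt["more"]:
            buf["total"] = pkt["offset"] + len(pkt["data"])
        have = sum(len(c) for c in buf["chunks"].values())
        if buf["total"] is not None and have == buf["total"]:
            self.messages.append(b"".join(buf["chunks"][o] for o in sorted(buf["chunks"])))
            del self.buffers[key]


class Router:
    """Store-and-forward packet switch with a routing table and a life counter."""

    def __init__(self, name, addr, routes, mtus):
        self.name, self.addr = name, addr
        # routes: [(prefix, next hop node name)]; most specific prefix wins
        self.routes = sorted(((ipaddress.ip_network(p), nh) for p, nh in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)
        self.mtus = mtus          # {next hop node name: MTU of the link to it}
        self.dropped = []         # (reason, packet id)

    def next_hop(self, dst):
        addr = ipaddress.ip_address(dst)
        return next((nh for net, nh in self.routes if addr in net), None)

    def forward(self, pkt):
        """Return [(next hop, packet)] to transmit; empty if the packet is dropped."""
        nh = self.next_hop(pkt["dst"])
        if nh is None:
            return self._drop(pkt, "destination unreachable")
        if pkt["ttl"] <= 1:
            return self._drop(pkt, "time exceeded")
        return [(nh, f) for f in fragment(dict(pkt, ttl=pkt["ttl"] - 1), self.mtus[nh])]

    def _drop(self, pkt, reason):
        self.dropped.append((reason, pkt["id"]))
        if "notice" in pkt:       # never report a dropped report: avoids loops
            return []
        notice = {"src": self.addr, "dst": pkt["src"], "ttl": 64, "id": 0, "offset": 0,
                  "more": False, "data": b"", "notice": (reason, pkt["id"])}
        return self.forward(notice)


class Network:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def transmit(self, at, pkt):
        node = self.nodes[at]
        if isinstance(node, Host):
            node.receive(pkt)
        else:
            for nh, p in node.forward(pkt):
                self.transmit(nh, p)


def build_network():
    """Topology: A --1500-- R1 --1500-- R2 --576-- B (link MTUs in bytes)."""
    return Network([
        Host("A", "10.1.0.5"),
        Host("B", "10.2.0.7"),
        Router("R1", "10.1.0.1", [("10.1.0.0/16", "A"), ("10.2.0.0/16", "R2")], {"A": 1500, "R2": 1500}),
        Router("R2", "10.2.0.1", [("10.2.0.0/16", "B"), ("10.1.0.0/16", "R1")], {"B": 576, "R1": 1500}),
    ])


def send(net, src, dst, data, ident, ttl=64, first_hop="R1"):
    """Hand one datagram from the source host to its first-hop router."""
    net.transmit(first_hop, {"src": src, "dst": dst, "ttl": ttl, "id": ident,
                             "offset": 0, "more": False, "data": data})


if __name__ == "__main__":
    net = build_network()
    send(net, "10.1.0.5", "10.2.0.7", bytes(1280), 1)          # fragmented on the 576-byte link
    send(net, "10.1.0.5", "10.2.0.7", b"expires", 2, ttl=1)    # dropped by R1, A is told
    send(net, "10.1.0.5", "10.9.9.9", b"no route", 3)           # unreachable, A is told
    print(len(net.nodes["B"].messages), net.nodes["A"].notices, net.nodes["R1"].dropped)
```

Each router knows only its next hop, as the WAN slide says; the life counter stops a packet circulating forever if two routing tables disagree, and the "notice" flag on a report packet is what keeps a router from generating a report about a dropped report.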
Typical Vulnerabilities
• Interception
– Sniffing
– Message assembly and information consumption.
– Two basic paradigms,
• Sniffer sits on the same shared medium as the
transmitter or the receiver of message.
• Sniffer sits on a different subnetwork but the messages in
the environment being sniffed are relayed to the sniffer.
• Denial of Service
– Disrupting the services offered by a computing
environment.
– Consuming the resources of the computing
infrastructure by directing false service requests.
Interception
• Detecting and receiving packets of interest.
• Assembling packets of interests into messages.
• Determining applications that can process
intercepted and assembled messages.
• Invoking the respective application and
providing them the intercepted messages to
derive information.
Sniffing via Shared Medium
• Computers on local area networks share a
common medium.
• All messages transmitted via the shared
network are received by the network interfaces
of all computers on that network.
– Generally, the network interfaces reject packets not
destined to their host computers.
• A computer can be programmed to force its
network interface to receive all the packets
being communicated on the shared network
(promiscuous mode).
– This program can be installed by malware, e.g., a virus,
on an unsuspecting host.
[Figure: hosts A, B, C and D on a shared medium; packets 1, 2 and 3 addressed to A are accepted only by A's interface, while the host running the Sniffer captures them as well]
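The interception steps listed above (receive every frame, pick out the packets of interest, hand the payload to something that understands it), as an added example that is not from the slides: a small Ethernet/IPv4/TCP/UDP frame parser, a filter for clear-text protocol ports, and a Linux capture loop that puts the interface into promiscuous mode through an AF_PACKET raw socket (needs root or CAP_NET_RAW; the SOL_PACKET constants and the packet_mreq layout are assumed from the Linux headers). The sample frame is constructed here for testing; checksums are not verified.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")               # dst MAC, src MAC, ethertype
IPV4 = struct.Struct("!BBHHHBBH4s4s")        # fixed 20-byte IPv4 header
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}


def parse_frame(frame):
    """Ethernet II + IPv4 (+ TCP/UDP ports and payload). Returns a dict, or
    None if the frame is not IPv4 or is truncated. Checksums are not checked."""
    if len(frame) < ETH.size:
        return None
    dst_mac, src_mac, ethertype = ETH.unpack_from(frame)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH.size:]
    if len(ip) < IPV4.size:
        return None
    ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = IPV4.unpack_from(ip)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        return None
    l4 = ip[ihl:total_len]
    info = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl, "id": ident,
            "proto": PROTO_NAMES.get(proto, str(proto)), "sport": None, "dport": None, "payload": l4}
    if proto == 6 and len(l4) >= 20:
        info["sport"], info["dport"] = struct.unpack_from("!HH", l4)
        info["payload"] = l4[(l4[12] >> 4) * 4:]      # skip the TCP header including options
    elif proto == 17 and len(l4) >= 8:
        info["sport"], info["dport"] = struct.unpack_from("!HH", l4)
        info["payload"] = l4[8:]
    return info


def interesting(info, ports=(21, 23, 80, 110)):
    """'Packets of interest' for a sniffer: clear-text protocols carrying data."""
    return bool(info and info["payload"] and (info["sport"] in ports or info["dport"] in ports))


# Linux capture path. Constants are from <linux/if_packet.h>; the packet_mreq
# layout (int ifindex, u16 type, u16 alen, u8 addr[8]) is assumed from the same header.
SOL_PACKET, PACKET_ADD_MEMBERSHIP, PACKET_MR_PROMISC, ETH_P_ALL = 263, 1, 1, 0x0003


def sniff(iface, count, handler=print):
    """Receive every frame on iface (needs root / CAP_NET_RAW) and hand the
    interesting ones to handler. Promiscuous mode makes the interface accept
    frames addressed to other hosts on the shared medium."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((iface, 0))
    mreq = struct.pack("iHH8s", socket.if_nametoindex(iface), PACKET_MR_PROMISC, 0, bytes(8))
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    seen = 0
    try:
        while seen < count:
            info = parse_frame(sock.recv(65535))
            if interesting(info):
                handler(info)
                seen += 1
    finally:
        sock.close()


def sample_frame():
    """Constructed test frame: TCP 10.0.0.5:40000 -> 10.0.0.9:80 with an HTTP request."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = IPV4.pack(0x45, 0, IPV4.size + len(tcp) + len(payload), 7, 0, 64, 6, 0,
                   socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.9"))
    eth = ETH.pack(bytes.fromhex("0000aa000009"), bytes.fromhex("0000aa000005"), ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    print(parse_frame(sample_frame()))
    # sniff("eth0", 5)   # on Linux, as root, to capture live frames on a shared segment
```

The parser rejects anything it cannot account for (wrong version, header length below 20, truncated total length) rather than guessing; on a real segment a defender running the same code in promiscuous mode is also the "host address audit by sniffing" the defenses slide lists, since a sniffing host has to be reached by the frames in the first place.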
Relaying Information to be Sniffed to the Sniffer
• Sniffer is not connected directly to the target
environment.
• The target environment is connected to the Internet
via a router.
• Router can be (maliciously) reconfigured to route
packets from the target environment towards the sniffer.
• Once sniffed, the intercepted packets should be
routed on to the intended recipient to avoid
suspicion.
• May work only for target environments based on
segmented LANs.
[Figure: packets 1, 2 and 3 leaving the Target Environment pass through a hacked and reconfigured router, are diverted to the Sniffer, and are then forwarded to their destination]
Typical Issues in Sniffing
• Sniffing via shared medium
– Installing and configuring the sniffer.
– Storing intercepted information.
– Relaying intercepted information to interested
parties.
• Email attachments.
• Sniffing remotely
– Router configuration.
– Relay time
• Time to destination via sniffer.
Possible Defenses
• Sniffing on a shared medium
– Host process audit.
– Email audit.
– Host address audit by sniffing to detect the sniffer.
• If a separate sniffer computer is deployed.
• Remote Sniffing
– Determining delays
• Application processing delays related to information
transfer.
• ping results.
– Trace route
Denial of Service (DoS) Attacks
• Disruption of a specific set of services offered by a
computing infrastructure.
– Accomplished by consuming the resources of the
computing infrastructure by directing false service
requests to the target infrastructure.
– Target computing infrastructure exhausts its resources
while attempting to service these false requests.
– Resource starvation prevents, or greatly slows, the
servicing of legitimate requests.
• Resources generally targeted include
– Network bandwidth
– Router processing capabilities.
– Server disk and memory capacities.
Categories of DoS Attacks
• Two principal classes
– Logic attacks.
• Designed to exploit existing flaws in the software to cause
the target infrastructure to either crash or provide
degraded performance.
– Flooding attacks.
• Overwhelm the target infrastructure by sending large
number of spurious requests.
• Lack of capability to distinguish between legitimate and
illegitimate requests in flooding.
• Logic attacks are more lethal than flooding
attacks.
– Stealthier
– Focus on a particular host or group of hosts.
SYN Attack
• SYN attacks exploit a shortcoming of the TCP
connection establishment procedure.
– A TCP connection is established after a three way
handshake.
• The host initiating a connection (A) request sends a SYN packet.
• The host receiving the SYN packet (B) acknowledges ‘A’ with a
SYN/ACK packet.
• ‘A’ replies to ‘B’ with an ACK packet.
• Attacker initiates a connection request with a host but
never replies to the SYN/ACK packets.
• Target reserves some resources for the connection
and maintains them for some time.
• Generating SYN packets fast enough causes the
target to exhaust its resources in maintaining
incomplete connections.
TCP Connection Establishment and SYN Attack
[Figure: left, the normal handshake: Client sends 1. SYN, Server answers 2. SYN/ACK, Client sends 3. ACK. Right, the SYN attack: the attacker sends SYN after SYN, the server answers each with a SYN/ACK and holds half-open connections 1 to 4, and the final ACKs never arrive]
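The SYN attack on the handshake, as an added simulation that is not from the slides: a listener keeps a bounded table of half-open connections with a timeout (backlog size, timeout and rates are assumptions), an attacker sends SYNs from spoofed addresses and never completes step 3, and a legitimate client tries to connect once a second. It shows the table filling and legitimate SYNs being dropped, and that shortening the timeout only helps while the attacker's SYN rate stays below backlog divided by timeout. (Real stacks also use SYN cookies, which keep no per-SYN state at all; that mitigation is not covered on the slides.)

```python
import random


class Listener:
    """Server side of the TCP three-way handshake with a bounded table of
    half-open connections (SYN received, final ACK not yet seen)."""

    def __init__(self, backlog, syn_timeout):
        self.backlog, self.syn_timeout = backlog, syn_timeout
        self.half_open = {}      # (client ip, client port) -> (expiry time, server ISN)
        self.established = set()
        self.refused = 0

    def expire(self, now):
        """Reclaim half-open entries whose timer has run out."""
        for key in [k for k, (exp, _) in self.half_open.items() if exp <= now]:
            del self.half_open[key]

    def on_syn(self, now, client, client_isn):
        """Steps 1 -> 2: reserve state and answer SYN/ACK, or drop if the table is full."""
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            self.refused += 1
            return None
        isn = random.getrandbits(32)
        self.half_open[client] = (now + self.syn_timeout, isn)
        return ("SYN/ACK", isn, (client_isn + 1) & 0xFFFFFFFF)

    def on_ack(self, now, client, ack):
        """Step 3: the ACK must match a pending entry and acknowledge ISN + 1."""
        self.expire(now)
        entry = self.half_open.get(client)
        if entry is None or ack != (entry[1] + 1) & 0xFFFFFFFF:
            return False
        del self.half_open[client]
        self.established.add(client)
        return True


def simulate(backlog=128, syn_timeout=30.0, attack_rate=50, duration=10):
    """Each second a legitimate client makes one full handshake attempt, then
    the attacker sends attack_rate SYNs from spoofed sources and never answers
    the SYN/ACKs. Returns (successful legitimate connections, attempts)."""
    srv = Listener(backlog, syn_timeout)
    rng = random.Random(1)        # deterministic spoofed source addresses
    sent = ok = 0
    for t in range(duration):
        client = ("198.51.100.7", 50000 + t)
        reply = srv.on_syn(t, client, 1000)
        if reply and srv.on_ack(t, client, (reply[1] + 1) & 0xFFFFFFFF):
            ok += 1
        for _ in range(attack_rate):
            sent += 1           # unique port per SYN so every spoofed SYN occupies its own entry
            srv.on_syn(t, ("203.0.113.%d" % rng.randrange(256), 1024 + sent), rng.getrandbits(32))
    return ok, duration


if __name__ == "__main__":
    print("no attack          ", simulate(attack_rate=0))
    print("50 SYN/s, 30 s timer", simulate(128, 30.0, 50, 10))
    print("50 SYN/s, 1 s timer ", simulate(128, 1.0, 50, 10))
```

With a 128-entry table and a 30-second timer, 50 spoofed SYNs per second fill the table after three seconds and every later legitimate SYN is refused; with a 1-second timer the same rate is absorbed, but only because 50 per second is below the 128 entries per second the table can now recycle.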
Ping of Death Attack
• Exploits the datagram size limitation of IP
– An IP datagram cannot have a size greater than
65535 bytes (the limit of the 16-bit total length field).
• In some operating systems, if an IP datagram
larger than 65535 bytes is received, the reassembly
buffers overflow, causing the operating system to
behave abnormally (typically to crash).
• An attacker need not transmit a complete IP
datagram of 65535 bytes at once.
– The attacker can generate IP fragments whose offsets
and lengths, when assembled at the destination, exceed
the limit and cause this effect.
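A check for the reassembly flaw behind the ping of death, as an added example that is not from the slides: a guard that parses each IPv4 fragment header, computes where the fragment's data would end in the reassembled datagram (the offset field counts 8-byte units), and rejects the whole datagram before any buffer is touched if header plus data would exceed 65535 bytes, or if a fragment claims data beyond the end fixed by the final fragment. The headers are constructed here with the checksum left zero; the addresses are made up.

```python
import socket
import struct

IPV4 = struct.Struct("!BBHHHBBH4s4s")
IP_MAX_TOTAL = 65535          # largest value of the 16-bit total length field
MORE_FRAGMENTS = 0x2000       # MF flag in the flags/offset word
OFFSET_MASK = 0x1FFF          # 13-bit fragment offset, in 8-byte units


def parse_fragment(hdr):
    """Fields reassembly needs from an IPv4 header; ValueError if malformed."""
    ver_ihl, _tos, total_len, ident, flags_off, _ttl, _proto, _csum, src, dst = IPV4.unpack_from(hdr)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {"key": (src, dst, ident), "ihl": ihl,
            "offset": (flags_off & OFFSET_MASK) * 8,
            "data_len": total_len - ihl,
            "more": bool(flags_off & MORE_FRAGMENTS)}


class FragmentGuard:
    """Decide, per arriving fragment, whether the datagram it belongs to can
    legally exist, before any reassembly buffer is allocated or written."""

    def __init__(self):
        self.pending = {}      # key -> {"total": reassembled length once the last fragment is seen}
        self.rejected = set()  # datagrams found impossible; later fragments are dropped too

    def check(self, hdr):
        f = parse_fragment(hdr)
        key, end = f["key"], f["offset"] + f["data_len"]
        if key in self.rejected:
            return False
        state = self.pending.setdefault(key, {"total": None})
        too_big = f["ihl"] + end > IP_MAX_TOTAL              # would not fit a 16-bit total length
        past_end = state["total"] is not None and end > state["total"]
        if too_big or past_end:
            self.rejected.add(key)
            del self.pending[key]
            return False
        if not f["more"]:
            state["total"] = end                              # the last fragment fixes the size
        return True


def make_header(ident, offset, more, data_len, src="10.0.0.1", dst="10.0.0.2"):
    """Constructed IPv4 header for one fragment (ICMP, TTL 64, checksum zero)."""
    if offset % 8 or offset > OFFSET_MASK * 8:
        raise ValueError("fragment offset must be a multiple of 8 and fit in 13 bits")
    if 20 + data_len > IP_MAX_TOTAL:
        raise ValueError("a single fragment cannot exceed the total length field")
    flags_off = (MORE_FRAGMENTS if more else 0) | (offset // 8)
    return IPV4.pack(0x45, 0, 20 + data_len, ident, flags_off, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))


if __name__ == "__main__":
    guard = FragmentGuard()
    print(guard.check(make_header(1, 0, True, 1480)))        # ordinary first fragment
    print(guard.check(make_header(1, 65528, False, 100)))    # 65528 + 100 + 20 > 65535: rejected
```

Every fragment is itself a legal IP packet, so only the sum of offset and length reveals the problem; the guard is deliberately placed in front of the reassembler, where the vulnerable systems on the slide had no check at all.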
Flooding Attacks
• Flooding attacks mostly concentrate on
consuming the bandwidth of the target
environment while affecting the resources of the
attacking environment as well.
• Simple DoS attacks (e.g., packet flooding) are
easy to detect.
• Identity of the attacker can be determined.
• DoS attackers apply IP spoofing to hide their
true identities.
– Falsifying own identity randomly for every
datagram.
[Figure: example flooding attack]

Distributed DoS (DDoS) Attack
• Multiple attackers concentrating their attack on a
single host or group of hosts.
• Typically an attacker compromises a set of
Internet hosts and installs a small attack
process on each.
– Slave or zombie attackers.
• A master controls the zombies to launch
coordinated attacks against the target.
– Usually flooding attacks.
DDoS (Contd.)
• Detection
– Traffic between the zombies and master is sporadic
and short.
– Attack traffic voluminous and can be traced back to
the specific zombies.
– Inability to detect the master does not eliminate the
possibility of further attacks even when the zombies
have been detected and eliminated.
• Detection can be avoided by generating
seemingly valid requests for services from the
target.
DDoS (Contd.)
[Figure: the Master commands six Slaves over the control plane; the Slaves flood the Victim over the attack plane]
Multilevel DDoS
• Two levels of slaves used under the master to avoid
detection.
– Master installs zombies and a smaller set of proxy slaves on
a different set of hosts.
– Master contacts the proxy slaves to initiate attacks from the
slaves.
• For slaves, proxies are the masters.
• Proxies designed to be simple and short-lived entities.
– Can delete themselves from their hosts to avoid detection.
– Generally only retransmit commands from the master to the
designated slaves.
• Master then compromises another set of unsuspecting
hosts to install a new set of proxies.
Multilevel DDoS
[Figure: the Master talks only to Proxies; each Proxy relays commands to its Slaves, and the Slaves attack the Victim]

Distributed Reflector DoS (DRDoS)
• DDoS coupled with IP spoofing enables DRDoS
attacks.
– IP spoofing makes it difficult for the victim to isolate
the attack traffic.
– Also undermines the potential effectiveness of
traceback techniques for locating the source of the
spoofed attack traffic.
• Once an IP spoofed traffic reaches a server, the
reply is sent to the spoofed IP address.
DRDoS SYN Attack
• Attackers generate SYN requests for a number
of hosts on the Internet with IP spoofed
packets.
– IP spoofed address is the IP address of the real
victim.
• All the hosts receiving the SYN packets are
known as reflectors.
– Generate SYN/ACK packets for the victim.
• Depending upon the number of reflectors, a
huge amount of SYN/ACK traffic will be
generated on a single host.
DRDoS SYN Attack (Contd.)
[Figure: the Master directs three Slaves; each Slave sends SYN packets carrying the Victim's address as source to Reflectors 1 to 6; every Reflector replies with a SYN/ACK addressed to the Victim]

Characteristics of DRDoS Attacks
• Reflectors do not need to serve as amplifiers.
– Amplifiers are reflectors that generate greater
volume of traffic than they receive.
• Traffic incident on the reflectors may be small
enough not to be considered a DoS attack.
• As the number of servers on hosts run into
millions, involvement of even a few of these to
reflect traffic on a target can overwhelm the
victim.
Preventive Measures for DoS Attacks
• To prevent DoS, attack traffic needs to be
detected and filtered.
• Filtering can be performed on the basis of static
rules.
– Specifying untrusted hosts and processes, and
unwanted packets.
• Dynamic filtering requires adaptation of the
filtering rules to the traffic patterns.
• To prevent DoS, filtering closest to the source
considered most effective.
– Network ingress filtering to block IP spoofed
packets.
Generic Ingress Filtering
[Figure: a Router with interfaces I1, I2 and I3. I3 attaches LAN 201.231.1.0; remote hosts 211.102.10.11, 210.13.12.132 and 215.130.12.132 are marked reachable or unreachable via I1 and I2. A packet from 201.231.1.2 arriving on I3 is a non-spoofed packet and is forwarded; a packet with source 192.168.0.2 arriving on I3 is a spoofed packet and is dropped]
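Network ingress filtering as shown in the figure, as an added example that is not from the slides: a per-interface source-prefix policy (the LAN prefix 201.231.1.0/24 on I3 follows the figure; the other prefixes and the deny list of our own and private address space on the upstream interface are assumptions), plus the same decision derived from the routing table (strict unicast reverse-path forwarding, a standard technique not mentioned on the slides) so the filter cannot drift out of step with the routes.

```python
import ipaddress

PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


class IngressFilter:
    """Per-interface source address policy: a packet is accepted only if its
    source lies in a prefix the router expects to see arriving on that interface."""

    def __init__(self, allowed, denied=None):
        self.allowed = {i: [ipaddress.ip_network(p) for p in ps] for i, ps in allowed.items()}
        self.denied = {i: [ipaddress.ip_network(p) for p in ps] for i, ps in (denied or {}).items()}
        self.log = []          # ("drop", interface, source) for every spoofed packet

    def accept(self, iface, src):
        addr = ipaddress.ip_address(src)
        denied = any(addr in n for n in self.denied.get(iface, []))
        allowed = any(addr in n for n in self.allowed.get(iface, []))
        if denied or not allowed:
            self.log.append(("drop", iface, src))
            return False
        return True


class ReversePathFilter:
    """Strict unicast RPF: accept a packet only if the route back to its source
    leaves through the interface the packet arrived on."""

    def __init__(self, routes):
        # routes: [(prefix, interface)]; most specific prefix wins
        self.routes = sorted(((ipaddress.ip_network(p), i) for p, i in routes),
                             key=lambda r: r[0].prefixlen, reverse=True)

    def egress_for(self, addr):
        a = ipaddress.ip_address(addr)
        return next((i for n, i in self.routes if a in n), None)

    def accept(self, iface, src):
        return self.egress_for(src) == iface


def build_router():
    """I3 attaches LAN 201.231.1.0/24 (from the figure); I1 is the upstream
    link; I2 and its prefix are assumptions."""
    acl = IngressFilter(
        allowed={"I3": ["201.231.1.0/24"], "I2": ["10.20.0.0/16"], "I1": ["0.0.0.0/0"]},
        denied={"I1": ["201.231.1.0/24"] + PRIVATE})   # our own and private space never arrive from outside
    rpf = ReversePathFilter([("201.231.1.0/24", "I3"), ("10.20.0.0/16", "I2"), ("0.0.0.0/0", "I1")])
    return acl, rpf


if __name__ == "__main__":
    acl, rpf = build_router()
    for iface, src in [("I3", "201.231.1.2"), ("I3", "192.168.0.2"),
                       ("I1", "210.13.12.132"), ("I1", "201.231.1.9")]:
        print(iface, src, "acl:", acl.accept(iface, src), "rpf:", rpf.accept(iface, src))
```

The static list is what the slide calls a rule specifying unwanted packets; the reverse-path variant is the dynamic form, since it follows whatever the routing table currently says. Both drop the 192.168.0.2 packet on I3 from the figure, and both refuse packets arriving from the Internet that claim to come from the LAN's own prefix.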
Firewalls
• Firewalls are specially programmed routers
deployed between a particular LAN and the rest
of the Internet.
– Considered to be routers as they interwork two or
more networks and forward packets from one to the
other.
– Considered to be firewalls as they filter packets that
flow through them
• Deny Internet hosts access to the LAN.
• Filtering in the reverse direction prevents LAN users from
accessing specific sites on the Internet.
• Cooperative security via network ingress filtering.
Firewalls
• Stateless Packet Filters
– Filtering decision is made for every packet
separately.
– Filtering based on host addresses and port numbers (the
application identifiers), together with protocol and flag fields.
• Stateful Packet Filters
– In addition to addresses and ports, stateful packet filters
track the state of each connection (e.g., the stages of the
TCP handshake) and accept a packet only if it fits the
expected sequence for an existing connection; they may also
examine the fields that identify the higher level protocol
being serviced.
– Mistaking a valid packet sequence for an illegitimate
one, and so dropping legitimate traffic, is a major issue.
• Application Level Firewalls
– Examine application payload contents to determine
illegitimate requests.
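The stateless and stateful packet filters just contrasted, as an added example that is not from the slides: a stateless filter that can only judge each packet on its own (and therefore has to admit inbound packets on the strength of the ACK flag alone), and a stateful filter that follows each LAN-initiated TCP connection through the handshake and admits an inbound packet only when it fits the next expected step. The addresses, the allowed port list and the simplified teardown on FIN/RST are assumptions; the simplification also exhibits the false-positive risk the slide mentions, because a legitimate packet that does not fit the tracked sequence is dropped.

```python
import ipaddress

SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04


def pkt(src, sport, dst, dport, flags):
    """Minimal TCP packet description used by both filters."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


class StatelessFilter:
    """Per-packet rules only. Outbound: destination port must be allowed.
    Inbound: the classic 'established' shortcut accepts any packet with ACK
    set, because without state there is no other way to recognise a reply."""

    def __init__(self, inside, allowed_ports):
        self.inside = ipaddress.ip_network(inside)
        self.allowed = set(allowed_ports)

    def accept(self, p):
        if ipaddress.ip_address(p["src"]) in self.inside:
            return p["dport"] in self.allowed
        return bool(p["flags"] & ACK)


class StatefulFilter:
    """Tracks each LAN-initiated TCP connection through the handshake and
    accepts inbound packets only when they fit the expected next step."""

    def __init__(self, inside, allowed_ports):
        self.inside = ipaddress.ip_network(inside)
        self.allowed = set(allowed_ports)
        self.table = {}   # (lan ip, lan port, remote ip, remote port) -> state

    def accept(self, p):
        if ipaddress.ip_address(p["src"]) in self.inside:
            return self._outbound(p)
        return self._inbound(p)

    def _outbound(self, p):
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        state = self.table.get(key)
        if state is None:
            # only a plain SYN to an allowed port may open a new connection
            if p["flags"] & SYN and not p["flags"] & ACK and p["dport"] in self.allowed:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if state == "SYN_RECEIVED" and p["flags"] & ACK:
            self.table[key] = "ESTABLISHED"          # step 3 of the handshake
        if p["flags"] & (FIN | RST):
            del self.table[key]                      # simplified: tear down immediately
        return True

    def _inbound(self, p):
        key = (p["dst"], p["dport"], p["src"], p["sport"])
        state = self.table.get(key)
        if state is None:
            return False                             # unsolicited: no connection to belong to
        if state == "SYN_SENT":
            if p["flags"] & SYN and p["flags"] & ACK:
                self.table[key] = "SYN_RECEIVED"     # step 2 of the handshake
                return True
            return False                             # does not fit the handshake sequence
        if p["flags"] & RST:
            del self.table[key]
        return True


if __name__ == "__main__":
    lan, web, probe = "201.231.1.2", "203.0.113.10", "198.51.100.9"
    for f in (StatelessFilter("201.231.1.0/24", [80, 443]), StatefulFilter("201.231.1.0/24", [80, 443])):
        f.accept(pkt(lan, 40000, web, 80, SYN))
        f.accept(pkt(web, 80, lan, 40000, SYN | ACK))
        f.accept(pkt(lan, 40000, web, 80, ACK))
        # an ACK probe from a host nobody talked to: only the stateless filter lets it in
        print(type(f).__name__, f.accept(pkt(probe, 4444, lan, 40000, ACK)))
```

The ACK probe is the point of the comparison: with no connection table, "reply traffic" can only be recognised by a flag an attacker sets at will; with the table, the probe has no entry to match and is dropped, at the price that a genuine but out-of-sequence packet is dropped as well.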