Lesson 7: Network Security and Attacks - PowerPoint PPT Presentation

Slides: 19
Provided by: Kauf
Transcript and Presenter's Notes

1
Lesson 7: Network Security and Attacks
2
Computer Security Operational Model
Protection Prevention
(Detection Response)
Access Controls, Encryption, Firewalls
Intrusion Detection, Incident Handling
3
Security Operational Model
  • Vulnerability Assessment Services
  • Vulnerability Scanners
  • Intrusion detection
  • Firewalls
  • Encryption
  • Authentication
  • Security Design Review
  • Security Integration Services
  • 24 Hr Monitoring Services
  • Remote Firewall Monitoring

4
Protocols
  • A protocol is an agreed-upon format for
    exchanging information.
  • A protocol will define a number of parameters:
      • Type of error checking
      • Data compression method
      • Mechanisms to signal reception of a transmission
  • There are a number of protocols that have been
    established in the networking world.

5
OSI Reference Model
  • ISO standard describing 7 layers of protocols:
      • Application: Program-level communication
      • Presentation: Data conversion functions, data
        format, data encryption
      • Session: Coordinates communication between
        endpoints. Session state maintained for
        security.
      • Transport: End-to-end transmission, controls data
        flow
      • Network: Routes data from one system to the next
      • Data Link: Handles passing of data between nodes
      • Physical: Manages the transmission media/HW
        connections
  • You only have to communicate with the layer
    directly above and below

6
TCP/IP Protocol Suite
  • TCP/IP refers to two network protocols used on
    the Internet:
      • Transmission Control Protocol (TCP)
      • Internet Protocol (IP)
  • TCP and IP are only two of a large group of
    protocols that make up the entire suite
  • A real-world application of the layered
    concept.
  • There is not a one-to-one relationship between
    the layers in the TCP/IP suite and the OSI Model.

7
OSI and TCP/IP comparison
OSI Model: Application, Presentation, Session, Transport, Network, Data-link, Physical
TCP/IP Protocol Suite: NFS, FTP, Telnet, SSH, SMTP, SMB, HTTP, NNTP, RPC, TCP, UDP, IP, ICMP, ARP, Physical
Diagram labels: Application-level protocols, Network-level protocols
8
TCP/IP Protocol Suite
[Diagram: User Processes; TCP, UDP; IP, ICMP, IGMP; HW Interface, ARP, RARP; Media]
9
Encapsulation of data
[Diagram: application, TCP, IP, Ethernet driver, Ethernet]
10
Establishment of a TCP connection (3-way Handshake)
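Added example (not part of the original slides): slides 9 and 10 name the encapsulation layers and the TCP 3-way handshake; the Python below builds a constructed frame top-down, then peels it bottom-up and labels the handshake step from the TCP flags. Addresses, ports, function names and the zeroed checksums are assumptions made for illustration, and the Ethernet trailer is omitted.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def handshake_step(flags):
    """Name the 3-way-handshake step a segment's flags correspond to.
    A bare ACK also matches ordinary traffic on an established connection."""
    if flags & SYN:
        return "SYN-ACK" if flags & ACK else "SYN"
    return "ACK" if flags & ACK else "other"

def build_frame(payload, flags):
    """Encapsulate top-down: TCP segment -> IP datagram -> Ethernet frame.
    All addresses and ports are constructed samples; checksums are left 0."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + tcp
    macs = bytes.fromhex("020000000001") + bytes.fromhex("02000000000a")
    return macs + struct.pack("!H", 0x0800) + ip  # EtherType 0x0800 = IPv4

def parse_frame(frame):
    """Peel the layers bottom-up, checking every length field before use."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet frame carrying IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 header lengths")
    if ip[9] != 6:
        raise ValueError("IP payload is not TCP")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (off >> 4) * 4
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    return {"src": ".".join(map(str, ip[12:16])),
            "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "step": handshake_step(flags),
            "payload": tcp[data_off:]}

if __name__ == "__main__":
    for flags in (SYN, SYN | ACK, ACK):
        print(parse_frame(build_frame(b"", flags))["step"])
```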
11
IP Centric Network
[Diagram labels, grouped by layer]
Layer 6/7 Applications: Retail, Banking, B2B, Medical, Wholesale
Layer 5 Session: X Windows, FTP, SNMP, SMTP, NFS, DNS, TFTP, NTP, Telnet, BGP, RIP
Layer 4 Transport: IGP, TCP, UDP, IGMP, ICMP, EGP
Layer 3 Network: IP
Layer 2 & 1 Data Link / Physical: Ethernet, 802.5, 802.4, 802.3, X.25, SLIP, 802.6, Frame Relay, SMDS, IPX, ATM, Arcnet, PPP, Appletalk
12
"Twenty-six years after the Defense Department
created the INTERNET as a means of maintaining
vital communications needs in the event of
nuclear war, that system has instead become the
weak link in the nation's defense."
USA Today - 5 Jun 1996

"True hackers don't give up.
They explore every possible way into a network,
not just the well known ones."
The hacker Jericho

"By failing to prepare, you are preparing to fail."
Benjamin Franklin
13
Typical Net-based Attacks -- Web
  • Popular and receive a great deal of media
    attention.
  • Attempt to exploit vulnerabilities in order to:
      • Access sensitive data (e.g. credit card numbers)
      • Deface the web page
      • Disrupt, delay, or crash the server
      • Redirect users to a different site

14
Typical Net-based attacks -- Sniffing
  • Essentially eavesdropping on the network
  • Takes advantage of the shared nature of the
    transmission media.
  • Passive in nature (i.e. just listening, not
    broadcasting)
  • The increased use of switching has made sniffing
    more difficult (less productive) but has not
    eliminated it (e.g. DNS poisoning can convince
    target hosts to send the attacker traffic
    intended for other systems)

15
Typical Net-Based Attacks -- Spoofing, Hijacking,
Replay
  • Spoofing attacks involve the attacker pretending
    to be someone else.
  • Hijacking involves the assumption of another
    system's role in a conversation already taking
    place.
  • Replay occurs when the attacker retransmits a
    series of packets previously sent to a target
    host.

16
Typical Net-Based Attacks -- Denial of Service
  • DOS and Distributed DOS (DDOS) attacks have
    received much attention in the media in the last
    year due to some high-profile attacks. Types:
      • Flooding: sending more data than the target can
        process
      • Crashing: sending data, often malformed,
        designed to disable the system or service
      • Distributed: using multiple hosts in a
        coordinated attack effort against a target system.

17
A Distributed DoS in Action
The Internet
18
The Attack Phase
The Internet