COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation

About This Presentation
Title:

COSC 316 COMPUTER HOSTS SECURITY

Description:

Local and wide area networks have changed the landscape of computing forever ... 3.4 × 10^38 addresses, or 5 × 10^28 (50 octillion) for each of the roughly 6.5 billion ...

Slides: 43
Provided by: DrRo9

Transcript and Presenter's Notes

1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNSYLVANIA
  • INDIANA, PA 15705

2
Part III: Network and Internet Security, Chapter
11: TCP/IP Networks
  • We will talk about
  • Networking: describes local and wide area
    networks and how network services can be
    effectively secured so that you can take
    advantage of the opportunities while reducing
    exposure to the risks
  • IP, the Internet Protocol
  • IP Security

3
Chapter 11 Networking
  • Local and wide area networks have changed the
    landscape of computing forever
  • Networks allow people to communicate across a
    room or around the globe
  • Share resources: printers, disk drives
  • Networks are part of our life
  • They also share security problems
  • Networks are used to attack many organizations,
    institutions and governments
  • Every benefit a network creates brings risks at
    the same time

4
HISTORY
  • http://www.zakon.org/robert/internet/timeline/
  • 1967: ARPANET design discussions held by Larry
    Roberts at the ARPA IPTO PI meeting in Ann Arbor,
    Michigan (April)
  • ARPANET commissioned by DoD for research into
    networking
  • Nodes are stood up as BBN builds each IMP
    (Honeywell DDP-516 minicomputer with 12K of
    memory); AT&T provides 50 kbps lines
  • Node 1: UCLA (30 August, hooked up 2 September)
  • Function: Network Measurement Center
  • System/OS: SDS SIGMA 7, SEX
  • Diagram of the first host-to-IMP connection
  • Node 2: Stanford Research Institute (SRI)
    (1 October)
  • Network Information Center (NIC)
  • SDS940/Genie
  • Doug Engelbart's project on "Augmentation of
    Human Intellect"
  • Node 3: University of California Santa Barbara
    (UCSB) (1 November)
  • Culler-Fried Interactive Mathematics
  • IBM 360/75, OS/MVT
  • Node 4: University of Utah (December)
  • Graphics

5
[Figures: the first host, and the four ARPANET nodes]
6
Continue
  • Networks are divided into 2 main types
  • LAN: Local Area Network, uses Ethernet
  • WAN: Wide Area Network
  • MAN: Metropolitan Area Network
  • Topology
  • Physical layout of resources
  • How resources communicate
  • Allows for expansion
  • Meets security requirements
  • Three basic connection topologies
  • Bus: single cable segment
  • Star: central connection point
  • Ring: forming a loop
  • Three variations or combinations
  • Mesh
  • Star bus
  • Star ring

7
[Diagrams: star topology; bus topology]
8
BUS
  • Bus Topology
  • Bus Communication
  • How the signal is sent
  • Signal bounce
  • Cable termination to prevent bounce
  • Bus Environment
  • One computer sends at a time
  • Passive topology
  • Computers only listen for data
  • Adding computers slows the network
  • Cable failure brings down the entire network
  • Signal Bounce
  • Occurs when cable ends are not terminated
  • Other computers cannot send data

9
BUS
  • Cable Termination
  • A terminator is attached to each end
  • Prevents signals from bouncing
  • Cable Failure
  • Cable break
  • Cable is physically cut
  • One end becomes disconnected
  • Halts all network activity
  • Computers can still function standalone
  • Bus Network Expansion
  • Ethernet 10Base2 (thinnet)
  • Expanded by BNC barrel connector
  • Distance causes the signal to weaken
    (attenuation)
  • A repeater boosts signal strength
  • but also amplifies errors

10
STAR
  • Star Topology
  • Star Environment
  • Central connection point
  • hub or concentrator
  • each device has separate wire
  • home run
  • More cable required
  • Cable failure is isolated to that device
  • except for the hub
  • Ring Topology
  • Ring Environment
  • Device connects to next in line
  • Circle of cable
  • Device receives signal
  • acts on signal or
  • passes signal along
  • Signals travel in only one direction

11
RING
  • Token Passing
  • Active topology
  • each device receives/sends
  • Packet of data is passed around ring
  • receipt of token is acknowledged
  • Single ring/dual ring
  • Fair sharing of network resources
  • Hubs
  • Hub Environment
  • Also known as concentrator
  • Star network
  • Central point of connection
  • Active hubs
  • Passive hubs

12
HUBS
  • Active Hubs
  • Majority of installed hubs today
  • Receive, regenerate, pass on signals
  • Have many ports (8 or more)
  • Multiport repeaters
  • Electrical power required
  • Passive Hubs
  • Central connection point
  • Wiring panel
  • Punch down block
  • Passes along signals
  • No electrical power required
  • Hybrid Hubs / Switches
  • Connect different cable types
  • Maximize network efficiency
  • Utilize different topologies
  • Enjoy the benefits of each topology

13
HYBRID
  • Mesh Topology
  • Every device interconnected
  • Most expensive
  • Most fault tolerant
  • Cable fault tolerant
  • Device fault tolerant
  • Star Bus Environment
  • Star hubs
  • Interconnected on a bus backbone
  • Device failure minimized
  • Hub failure affects only that star
  • Star Ring Topology
  • Network wired as star
  • Network traffic handled as ring
  • Failure limited to single device
  • Individual machine backups
  • Outer hubs can be connected to inner ring

14
[Diagrams: mesh topology; star bus]
15
Who is on the internet
  • Initially, a few researchers
  • Nowadays no one knows: attackers in the
    Netherlands broke into a system in Australia,
    connected through the Australian computer to one
    in South Africa, and connected through the South
    African computer to New York University, then
    used NYU as a base to attack many places in the
    US. This is called network weaving or connection
    laundering
  • Sometimes you cannot do anything: that country
    may not consider it a crime

16
Networking and Unix
  • Unix has both benefited from and contributed to
    networking
  • Berkeley's 4.2 release in 1983 provided a
    straightforward and reasonably reliable
    implementation of IP
  • Unix has many network services:
  • Remote virtual terminals: telnet
  • Remote file service: ftp
  • Information service: http
  • Electronic mail
  • Electronic directory service: finger, whois
  • Date and time
  • Remote procedure calls

17
IP The Internet Protocol
  • IP is the glue that holds together modern
    computer networks
  • We will talk about IPv4, the fourth version of
    the Internet Protocol, which has been used on
    the Internet since 1982; now we also have IPv6
  • Data is sent in blocks of characters called
    datagrams or packets; each packet has a small
    block of bytes called the header, which
    identifies the sender and the intended
    destination computer
  • Following the header is the bulk of the data,
    called the content

18
Modems and Security

19
IP
  • Packets may take different paths because the
    Internet switches packets, not circuits; this is
    called a packet-switching network
  • There are 4 distinct ways to directly connect two
    computers using IP:
  • The 2 computers can both be connected to the same
    LAN
  • The 2 computers can be directly connected to each
    other with a serial line
  • The 2 computers can be connected through a router
  • The IP packets can themselves be encapsulated
    within packets used by another network protocol,
    e.g. an ATM (Asynchronous Transfer Mode) network

20
Internet Address
  • IPv4: 32-bit address, a set of four 8-bit numbers
    called octets
  • Sample address: 18.70.0.224
  • Each number is between 0 and 255; this notation is
    called dotted quad, typically abbreviated
    ii.jj.kk.ll
  • Theoretically 2^32 = 4,294,967,296 addresses
  • http://en.wikipedia.org/wiki/IPv6
  • IPv6 supports 3.4 × 10^38 addresses, or 5 × 10^28
    (50 octillion) for each of the roughly 6.5
    billion people alive today.

21
IP networks
  • The Internet is a network of networks
  • Each network is given its own network number
  • There are 2 methods of looking at network numbers
  • Classical network addresses
  • There are 5 primary kinds of IP address in the
    classical address scheme; the first few bits of
    the address (the MSBs) define the class of
    network to which the address belongs, and the
    remaining bits are divided into a network part
    and a host part
  • Class A addresses
  • Hosts on a class A network have addresses of the
    form N.a.b.c, where N is the network address and
    a.b.c is the host number; the most significant
    bit of N must be 0
  • Most class A networks divide their internal
    network as class B and C networks; this is
    called subnetting

22
Classical network
  • Class B addresses: N.M.a.b, where N.M is the
    network number and a.b is the host number; the
    MSBs of N are 10. Major universities and major
    organizations
  • Class C addresses: N.M.O.a, where N.M.O is the
    network number and a is the host number; the MSBs
    of N are 110; max 254 hosts. Most organizations
  • Class D addresses: N.M.O.a, most significant
    bits 1110; not actually networks but multicast
    groups
  • Class E addresses: N.M.O.P, MSBs of N are 1111;
    reserved for experimental use

23
CIDR addresses
  • CIDR (Classless Inter-Domain Routing): addresses
    of the form k.j.l.m/n. There are no classes: a
    network is defined as the most significant n bits
    of each address, with the remaining 32-n bits
    giving a range of host addresses. For example, a
    /14 network has the first 14 bits of the address
    fixed at a particular value, and the remaining 18
    bits represent the portion of the address
    available to allocate to hosts
  • The CIDR scheme is compatible with the classical
    address format: class A with 8 bits, class B with
    16 bits. Ex. 10.0.0.0/8, 192.168.0.0/16

24
Routing
  • Despite the complexity of the internet and IP
    addressing, computers can easily send each other
    messages across the global network.
  • To send a packet, most computers simply set the
    packet's destination address and then send the
    packet to a computer on their local network
    called a gateway. If the gateway makes a
    determination of where to send the packet next,
    the gateway is a router. The router takes care of
    sending the packet to its final destination by
    forwarding the packet to a directly connected
    gateway that is one step closer to the
    destination host.
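The classful rules of slides 21-22, the CIDR prefix split of slide 23 and the gateway decision of slide 24, as an added Python example that is not part of the presentation. The routing table and the 192.0.2.x gateways are constructed sample values (RFC 5737 documentation addresses), and the longest-prefix-match rule is the standard router behaviour assumed here, not something the slides spell out.

```python
import ipaddress

def address_class(addr: str) -> str:
    """Classical class (A to E) from the most significant bits of the first octet N."""
    n = int(ipaddress.IPv4Address(addr)) >> 24
    if n & 0x80 == 0x00:   # 0xxxxxxx -> class A
        return "A"
    if n & 0xC0 == 0x80:   # 10xxxxxx -> class B
        return "B"
    if n & 0xE0 == 0xC0:   # 110xxxxx -> class C
        return "C"
    if n & 0xF0 == 0xE0:   # 1110xxxx -> class D (multicast groups)
        return "D"
    return "E"             # 1111xxxx -> class E (experimental)

def cidr_split(cidr: str) -> dict:
    """For k.j.l.m/n: the n fixed network bits and the 32-n bits left for hosts."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    # network and broadcast addresses are not assignable on prefixes shorter than /31
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"network": str(net.network_address), "prefix": net.prefixlen,
            "host_bits": 32 - net.prefixlen, "usable_hosts": usable}

def next_hop(dst: str, routes: list, default_gw: str) -> str:
    """Slide 24 in code: pick the directly connected gateway one step closer to dst.
    routes is a list of (prefix, gateway); the longest matching prefix wins and
    anything unmatched goes to the default gateway."""
    d = ipaddress.IPv4Address(dst)
    best_net, best_gw = None, default_gw
    for prefix, gw in routes:
        net = ipaddress.IPv4Network(prefix)
        if d in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    return best_gw

if __name__ == "__main__":
    # constructed sample routing table (RFC 5737 documentation addresses as gateways)
    table = [("10.0.0.0/8", "192.0.2.1"), ("10.1.0.0/16", "192.0.2.2")]
    print(address_class("18.70.0.224"), cidr_split("10.0.0.0/14"))
    print(next_hop("10.1.5.5", table, "192.0.2.254"))
```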

25
Host Name
  • A hostname is the name of a computer on the
    Internet.
  • Host names make life easier for users: they are
    easier to remember than IP addresses.
  • A single hostname can have more than one IP
    address, and a single IP address can be
    associated with more than one host name.
  • Sample host name: cosc.iup.edu
  • The Internet adopted a distributed system for
    hostname resolution known as the Domain Name
    System (DNS)

26
Packets and protocols
  • Protocols are rules
  • ICMP (Internet Control Message Protocol): used
    for low-level operations of the IP protocol
  • TCP (Transmission Control Protocol): creates a
    2-way connection between 2 computers
  • UDP (User Datagram Protocol): sends individual
    packets from host to host
  • IGMP (Internet Group Management Protocol):
    controls multicasting
  • For more details read the enclosed chapter

27
ICMP
  • The Internet Control Message Protocol (ICMP) is
    used to send messages between gateways and hosts
    regarding the low-level operations of the
    Internet.
  • Example: the ping command uses ICMP Echo packets
    to test for network connectivity; the response to
    an Echo packet is usually either an ICMP Echo
    Reply or an ICMP Destination Unreachable message
  • Each ICMP packet contains a header that includes
    the following information:
  • Host address of the packet's source: 32 bits
  • Host address of the packet's destination: 32 bits
  • Packet type: 8 bits

28
ICMP
  • Typical ICMP packet types
  • 0: echo reply
  • 3: destination unreachable
  • 4: source quench
  • 5: redirect
  • 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
  • The most important types are 3, 4 and 5
  • An attacker can abuse these for redirection or
    denial of service
  • Other types present less risk
  • If you use a firewall, you can safely block
    incoming packet types 5, 13, 14, 17 and 18, and
    outgoing types 5, 11, 12, 13, 14, 17 and 18
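The slide's ICMP block list turned into a checkable filter, as an added Python example (not code from the presentation). It reads the 8-bit type field from a constructed ICMP message, verifies the RFC 1071 checksum so malformed packets are dropped rather than interpreted, and applies the inbound and outbound type sets exactly as the slide lists them; the type names are the standard ICMP assignments.

```python
import struct

# The slide's firewall policy: ICMP types to drop, by direction
BLOCK_IN = {5, 13, 14, 17, 18}
BLOCK_OUT = {5, 11, 12, 13, 14, 17, 18}
ICMP_NAMES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded",
              12: "parameter problem", 13: "timestamp", 14: "timestamp reply",
              17: "address mask request", 18: "address mask reply"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int = 0, rest: bytes = b"\x00" * 4) -> bytes:
    """Constructed sample ICMP message: type(8) code(8) checksum(16) + 4-byte rest of header."""
    csum = icmp_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest)
    return struct.pack("!BBH", icmp_type, code, csum) + rest

def parse_icmp(pkt: bytes) -> dict:
    """Read the 8-bit type and code; a message whose checksum verifies re-sums to zero."""
    if len(pkt) < 8:
        raise ValueError("ICMP header is at least 8 bytes")
    icmp_type, code, _ = struct.unpack("!BBH", pkt[:4])
    return {"type": icmp_type, "code": code,
            "name": ICMP_NAMES.get(icmp_type, "other"),
            "checksum_ok": icmp_checksum(pkt) == 0}

def firewall_verdict(pkt: bytes, direction: str) -> str:
    """'drop' or 'accept' under the slide's policy; direction is 'in' or 'out'.
    A bad checksum is dropped before the type is even consulted."""
    info = parse_icmp(pkt)
    if not info["checksum_ok"]:
        return "drop"
    blocked = BLOCK_IN if direction == "in" else BLOCK_OUT
    return "drop" if info["type"] in blocked else "accept"

if __name__ == "__main__":
    for t in (8, 5, 11):
        print(ICMP_NAMES[t], firewall_verdict(build_icmp(t), "in"),
              firewall_verdict(build_icmp(t), "out"))
```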

29
TCP
  • TCP provides a reliable, ordered, 2-way
    transmission stream between 2 programs that are
    running on the same or different computers
  • Reliable means the data is guaranteed to reach
    its destination
  • Each TCP connection is attached at each end to a
    port; ports are identified by 16-bit numbers
  • Some well-known ports: 80 for HTTP servers and
    port 25 for SMTP
  • TCP packets are IP packets that include an
    additional TCP header. This header contains,
    among other things:
  • TCP port number of the packet's source
  • TCP port number of the packet's destination
  • Sequence information, so that the receiver can
    correctly place the data in this TCP packet at
    its correct point in the TCP stream
  • Flow control information
  • TCP checksum

30
TCP
  • At any instant, every IPv4 connection on the
    Internet can be identified by a set of two 32-bit
    numbers and two 16-bit numbers:
  • Host address of the connection's originator (from
    the IP header)
  • Port number of the connection's originator (from
    the TCP header)
  • Host address of the connection's target (from the
    IP header)
  • Port number of the connection's target (from the
    TCP header)
  • The TCP protocol uses 2 special bits in the packet
    header: SYN and ACK

31
TCP
  • TCP 3-way handshake: to open a TCP connection,
    the requesting host sends a packet that has the
    SYN bit set but does not have the ACK bit set;
    the receiving host acknowledges the request by
    sending back a packet that has both the SYN and
    the ACK bits set. Finally, the originating host
    sends a third packet, again with the ACK bit set,
    but this time with the SYN bit unset
  • TCP is used for HTTP (Hypertext Transfer
    Protocol), remote terminal service, file
    transfer, and electronic mail. It is also used
    for sending commands to displays using the X
    Window System
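The 4-tuple of slide 30 and the handshake of slide 31 as a passive connection tracker, an added Python example rather than code from the presentation. It builds constructed IPv4+TCP segments (192.0.2.x documentation addresses, zero checksums), extracts the two addresses and two ports, and follows each connection through SYN, SYN/ACK and ACK the way a stateful filter or IDS does; connections that never complete are what a monitor counts when it suspects a SYN flood.

```python
import struct

SYN, ACK = 0x02, 0x10   # the two flag bits the slide discusses

def build_segment(src: str, sport: int, dst: str, dport: int, flags: int,
                  seq: int = 0, ack: int = 0) -> bytes:
    """Constructed sample: 20-byte IPv4 header (protocol 6) + 20-byte TCP header,
    no options; checksums left zero since only addresses, ports and flags matter here."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def parse_segment(pkt: bytes) -> dict:
    """The slide's identifiers: two 32-bit addresses from IP, two 16-bit ports from TCP, plus SYN/ACK."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6:
        raise ValueError("not a TCP packet")
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
    return {"src": ".".join(map(str, pkt[12:16])), "sport": sport,
            "dst": ".".join(map(str, pkt[16:20])), "dport": dport,
            "syn": bool(flags & SYN), "ack": bool(flags & ACK)}

class HandshakeTracker:
    """Follows each connection, keyed by (client, cport, server, sport), through
    SYN -> SYN/ACK -> ACK."""
    def __init__(self):
        self.state = {}

    def observe(self, pkt: bytes):
        s = parse_segment(pkt)
        fwd = (s["src"], s["sport"], s["dst"], s["dport"])
        rev = (s["dst"], s["dport"], s["src"], s["sport"])
        if s["syn"] and not s["ack"]:                 # step 1: client SYN
            self.state[fwd] = "SYN_SENT"
            return "SYN_SENT"
        if s["syn"] and s["ack"]:                     # step 2: server SYN/ACK, so reversed tuple
            if self.state.get(rev) == "SYN_SENT":
                self.state[rev] = "SYN_RECEIVED"
            return self.state.get(rev)
        if s["ack"] and self.state.get(fwd) == "SYN_RECEIVED":   # step 3: client ACK
            self.state[fwd] = "ESTABLISHED"
        return self.state.get(fwd)

    def incomplete(self) -> list:
        """Handshakes never finished; many of these against one server is the SYN flood symptom."""
        return [k for k, v in self.state.items() if v != "ESTABLISHED"]
```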

32
TCP
  • Some common TCP services and ports
  • [Table of services and ports; only the port
    column survived extraction: 79, 80, 110, 111,
    113, 119, 143, 443, 512, 513, 514, 515, 1080,
    2049, 6000-6010]
33
UDP
  • UDP
  • The User Datagram Protocol provides a simple,
    unreliable system for sending packets of data
    between two or more programs running on the same
    or different computers
  • Unreliable means the OS does not guarantee that
    every packet sent will be delivered or that
    packets will be delivered in order.
  • Clients and Servers: the Internet is based on
    the client/server model; programs called clients
    initiate connections over the network to other
    programs called servers, which wait for the
    connections to be made.

34
Name Service
  • In the early days of the Internet, a single
    /etc/hosts file contained the address and name of
    each computer on the Internet.
  • But as the file grew to contain thousands of
    lines, and as changes to the list of names (the
    name space) started being made on a daily basis,
    a single /etc/hosts file soon became impossible
    to maintain.
  • Instead, the Internet developed a distributed
    network-based naming service called the Domain
    Name Service (DNS).

35
DNS under Unix
  • DNS under Unix
  • The reference Unix implementation of DNS is named
    BIND
  • It was originally written at the University of
    California at Berkeley and is now maintained by
    the Internet Software Consortium (ISC)
  • This implementation is based on 3 parts: a
    library for the client side and 2 programs for
    the server
  • Resolver (client-side library)
  • named (in.named)
  • named-xfer

36
Other Naming Services
  • In addition to DNS, there are at least 4
    vendor-specific systems for providing name
    service and other information to networked
    workstations
  • NIS and NIS+ (Sun Microsystems): originally
    called Yellow Pages; it is like a database.
    NIS+ is a total rewrite of NIS
  • NetInfo (Apple Inc): similar to NIS
  • DCE (Open Software Foundation)
  • Another system used to provide information is
    the LDAP directory service.
  • Some of these will be described in chapter 14

37
IP Security
  • Computers on the Internet have been subject to
    many different attacks
  • Password-guessing attacks
  • Social Engineering Attack
  • Server vulnerability attack
  • Network sniffers
  • IP spoofing attacks
  • Connection hijacking
  • Data spoofing
  • Denial of service attacks
  • Distributed denial of service attacks

38
Reasons
  • There are several reasons for this apparent
    failure
  • IP is not sufficiently resilient to attack
  • IP was not designed to provide security
  • IP is an evolving protocol
  • Several techniques for IP security
  • Using encryption to protect against eavesdropping
  • There are several places to encrypt
  • Link-level encryption
  • End-to-end encryption
  • Application-level encryption

39
Reasons
  • Hardening the OS and applications against attacks
  • This process involves inspecting, testing and
    frequently modifying the network stack, clients,
    and servers
  • Some attacks:
  • X Window attack
  • Ping of death
  • SYN flood attack
  • Physically isolating vulnerable systems from
    attackers
  • Isolate with no firewall, modems or other forms
    of remote access allowed

40
Continue
  • Employing systems in the path of potentially
    hostile network traffic to screen connections and
    deny or redirect malicious traffic; these are
    known as firewalls
  • Developing advanced systems for authentication
    that do not rely on IP addresses or hostnames
  • Some attacks:
  • Client flooding
  • Bogus nameserver cache poisoning
  • Rogue DNS server

41
Continue
  • Deploying decoy systems to detect attacks that
    are in progress and to distract attackers from
    more valuable systems
  • Often these systems are built with known
    vulnerabilities to increase their likelihood of
    being attacked
  • Decoy systems, sometimes called honeypots, have 2
    primary advantages
  • Because they are closely monitored, decoy systems
    can be used to learn about attackers: they can
    reveal attackers' location, techniques,
    motivations, skill level, objectives, etc.
  • If a decoy system is sufficiently rich and
    compelling, exploring that system might consume
    so much of the attacker's time that the attacker
    will not have the time to attack the systems that
    you actually care about

42
Conclusion
  • Connecting to a network opens up a whole new set
    of security considerations above and beyond those
    of protecting accounts and files
  • Various forms of network protocols, servers,
    clients, routers and other network components
    complicate the picture.