Securing Network Services
How TCP Works
• Sets up a connection between a port on the source host and a port on the destination host
• Each connection is a sequence of numbered packets carrying source (port, address), destination (port, address) and flags:
  – First packet – SYN (synchronize sequence numbers)
  – Response packet – SYN & ACK
  – Thereafter – ACK (every later packet acknowledges the other side's sequence number)
  – Last packets – FIN & ACK (each side closes its own direction)
• Ports are associated with services:
  – 21 – FTP
  – 25 – e-mail (SMTP)
  – 80 – HTTP
  – many, many more
• Based on the client-server model
How UDP Works
• Unreliable (unguaranteed) delivery of datagrams between systems – no acknowledgement and no connection set-up, so the source address on a datagram is never confirmed by a handshake
• Ports for UDP services:
  – Port 123 – Network Time (NTP)
  – Port 53 – DNS
  – Port 69 – TFTP
  – Port 514 – Syslog
  – Port 517 – Talk
• Based on stateless distribution of information
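The two slides above describe the TCP handshake and the UDP header only in words. The following is an added example, not part of the original slides: it builds and parses raw TCP and UDP headers with the standard `struct` module, names the handshake stage from the flag bits, and checks the property that makes the handshake worth having, namely that each ACK must echo exactly what the peer sent (a blind, off-path forger cannot do that because it never saw the peer's sequence numbers). UDP has no such exchange, which is why its source address is unverified. The session, port numbers and sequence numbers are constructed demo values; checksums are left at zero.

```python
import struct

# Port -> service names from the two slides (constructed lookup, not a full list).
TCP_SERVICES = {21: "FTP", 25: "SMTP (e-mail)", 80: "HTTP"}
UDP_SERVICES = {53: "DNS", 69: "TFTP", 123: "NTP", 514: "syslog", 517: "talk"}

# TCP flag bits in the flags byte of the header (RFC 793 layout).
FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_NAMES = ((FLAG_FIN, "FIN"), (FLAG_SYN, "SYN"), (FLAG_RST, "RST"),
              (FLAG_PSH, "PSH"), (FLAG_ACK, "ACK"))


def build_tcp(src_port, dst_port, seq, ack, flags, payload=b""):
    """Minimal 20-byte TCP header (no options; checksum left zero for the demo)."""
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, 65535, 0, 0) + payload


def build_udp(src_port, dst_port, payload=b""):
    """8-byte UDP header; the length field covers header plus payload."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse_tcp(segment):
    src, dst, seq, ack, off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hdr_len = (off >> 4) * 4
    return {"proto": "TCP", "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": [n for bit, n in FLAG_NAMES if flags & bit],
            "service": TCP_SERVICES.get(dst, "unknown"), "payload": segment[hdr_len:]}


def parse_udp(datagram):
    src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return {"proto": "UDP", "src_port": src, "dst_port": dst, "length": length,
            "service": UDP_SERVICES.get(dst, "unknown"), "payload": datagram[8:length]}


def stage(flags):
    """Name the conversation stage from the flag set, following the slide."""
    s = set(flags)
    if s == {"SYN"}:
        return "1: SYN"
    if s == {"SYN", "ACK"}:
        return "2: SYN+ACK"
    if "RST" in s:
        return "abort: RST"
    if "FIN" in s:
        return "close: FIN+ACK" if "ACK" in s else "close: FIN"
    if "ACK" in s:
        return "3+: ACK"
    return "other"


def trace_tcp(segments):
    """Walk an in-order segment list and check that every ACK acknowledges exactly
    what the peer sent (seq + payload length, +1 for SYN and FIN). A segment whose
    ACK does not match is what a blind, off-path forger produces, since it never
    saw the peer's sequence numbers. Returns [(stage, ack_ok), ...]."""
    result, expect_ack = [], {}
    for seg in segments:
        p = parse_tcp(seg)
        flow, reverse = (p["src_port"], p["dst_port"]), (p["dst_port"], p["src_port"])
        ack_ok = expect_ack.get(reverse) == p["ack"] if "ACK" in p["flags"] else True
        consumed = len(p["payload"]) + ("SYN" in p["flags"]) + ("FIN" in p["flags"])
        expect_ack[flow] = p["seq"] + consumed
        result.append((stage(p["flags"]), ack_ok))
    return result


def sample_session():
    """Constructed exchange: client port 40000 fetches a page from port 80 and
    both sides close. Sequence numbers are arbitrary demo values."""
    c, s = 40000, 80
    return [
        build_tcp(c, s, 1000, 0, FLAG_SYN),
        build_tcp(s, c, 5000, 1001, FLAG_SYN | FLAG_ACK),
        build_tcp(c, s, 1001, 5001, FLAG_ACK),
        build_tcp(c, s, 1001, 5001, FLAG_PSH | FLAG_ACK, b"GET / HTTP/1.0\r\n\r\n"),
        build_tcp(s, c, 5001, 1019, FLAG_FIN | FLAG_ACK),
        build_tcp(c, s, 1019, 5002, FLAG_FIN | FLAG_ACK),
    ]


def forged_segment():
    """Constructed off-path forgery: right ports, but a guessed ACK number."""
    return build_tcp(40000, 80, 1019, 9999, FLAG_ACK)


if __name__ == "__main__":
    for st, ok in trace_tcp(sample_session() + [forged_segment()]):
        print(f"{st:16} ack_ok={ok}")
    print(parse_udp(build_udp(40001, 53, b"\x12\x34"))["service"])
```

Run as a script it prints one line per segment with the stage and whether the ACK was consistent; the forged segment appended at the end is the only one flagged. The same check is what a stateful firewall or IDS applies when it refuses mid-stream packets that do not belong to a tracked connection.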
Application Services
• Domain Name Service (DNS) – TCP/UDP
  – Replaced /etc/hosts files
  – Tree-structured query system
  – Replies – either an answer, or a referral to the name servers for a more specific domain
• Mail – TCP (port 25)
• FTP – file transfer protocol – TCP (port 21)
• HTTP – World Wide Web – TCP (port 80)
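The DNS bullet says a reply is either an answer or a referral further down the tree. As an added example (not part of the original slides), the code below builds a query, parses a reply including name-compression pointers, classifies the reply as answer or referral, and performs the one check a resolver must never skip before trusting a reply: that the transaction id and question echo what was sent. The replies are constructed with documentation addresses (192.0.2.0/24) and made-up names such as `ns1.example.net`; the pointer-loop guard in `decode_name` is there because a malformed reply can otherwise hang a naive parser.

```python
import struct


def encode_name(name):
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(qname, qtype=1, xid=0x1234):
    """Standard recursive query (RD bit set) for one question, class IN."""
    header = struct.pack("!HHHHHH", xid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset, _hops=0):
    """Read a name at offset, following compression pointers (0xC0xx).
    Returns (name, offset just past the name as it appeared in the stream)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # pointer to an earlier name
            if _hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                 # the stream resumes after the pointer
            offset, _hops = pointer, _hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_rr(msg, offset):
    name, offset = decode_name(msg, offset)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
    offset += 10
    rdata = msg[offset:offset + rdlen]
    if rtype == 1 and rdlen == 4:                # A record
        value = ".".join(str(b) for b in rdata)
    elif rtype == 2:                             # NS record: a (possibly compressed) name
        value, _ = decode_name(msg, offset)
    else:
        value = rdata.hex()
    return {"name": name, "type": rtype, "ttl": ttl, "value": value}, offset + rdlen


def parse_message(msg):
    xid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions = 12, []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    sections = {}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            rr, offset = parse_rr(msg, offset)
            rrs.append(rr)
        sections[key] = rrs
    if sections["answer"]:
        kind = "answer"
    elif any(rr["type"] == 2 for rr in sections["authority"]):
        kind = "referral"                        # "ask these servers for that subtree"
    else:
        kind = "empty"
    return {"id": xid, "rcode": flags & 0xF, "questions": questions, "kind": kind, **sections}


def build_response(query, answers=(), authority=(), additional=()):
    """Constructed reply: echoes the query's id and question, then appends RRs given
    as (name, type, ttl, rdata). A name may be pre-encoded bytes, e.g. b'\\xc0\\x0c'
    to point at the question name, which always starts at offset 12."""
    xid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", xid, 0x8180, 1, len(answers), len(authority), len(additional))
    body = b""
    for name, rtype, ttl, rdata in (*answers, *authority, *additional):
        wire = name if isinstance(name, bytes) else encode_name(name)
        body += wire + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + query[12:] + body


def matches_query(query, response):
    """Minimum anti-spoofing check: transaction id and question must echo the query."""
    q, r = parse_message(query), parse_message(response)
    return q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed samples using documentation addresses (192.0.2.0/24).
QUERY = build_query("www.example.com")
DIRECT_ANSWER = build_response(QUERY, answers=[(b"\xc0\x0c", 1, 300, bytes([192, 0, 2, 10]))])
REFERRAL = build_response(
    QUERY,
    authority=[("example.com", 2, 172800, encode_name("ns1.example.net"))],
    additional=[("ns1.example.net", 1, 172800, bytes([192, 0, 2, 53]))])
SPOOFED = build_response(build_query("www.example.com", xid=0x9999),
                         answers=[("www.example.com", 1, 300, bytes([192, 0, 2, 66]))])
```

`parse_message(REFERRAL)["kind"]` comes back as `"referral"` with the NS name in the authority section and its address in the additional section, which is exactly the "reference to a more refined domain" the slide describes; `matches_query(QUERY, SPOOFED)` is false because the id differs. In practice the source port must be randomised as well, since a 16-bit id alone is guessable.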
TCP/IP Services
• Many have security risks:
  – Ways to access your computers
  – Information about your computers and your users
• Can block them all (the paranoid approach)
• More often – keep some, block others
• Blocking method – firewalls
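The choice on this slide (block everything, or keep some services and block the rest) comes down to a default-deny rule set with explicit exceptions, and the classic mistake is rule order. The following is an added example, not from the slides: a first-match packet-filter evaluator in Python with a default-deny policy, a "paranoid" empty rule set, a selective rule set for the services named earlier, and an audit that finds rules shadowed by an earlier, broader rule. The networks (198.51.100.0/24 as "our resolvers", 203.0.113.0/24 as "the admin network") are constructed documentation prefixes, and the rule tuple format is this example's own, not any firewall product's syntax.

```python
import ipaddress

# Rule: (action, proto, source network, destination port); "any" is a wildcard.
# Packet: (proto, source address, destination port).


def evaluate(rules, packet, default="deny"):
    """First-match packet filter with an explicit default. Returns (action, rule)."""
    proto, src, dport = packet
    src_ip = ipaddress.ip_address(src)
    for rule in rules:
        action, rproto, net, port = rule
        if rproto != "any" and rproto != proto:
            continue
        if net != "any" and src_ip not in ipaddress.ip_network(net):
            continue
        if port != "any" and port != dport:
            continue
        return action, rule
    return default, None


def covers(outer, inner):
    """True when every packet matched by `inner` is also matched by `outer`."""
    _, oproto, onet, oport = outer
    _, iproto, inet, iport = inner
    if oproto != "any" and oproto != iproto:
        return False
    if oport != "any" and oport != iport:
        return False
    if onet != "any":
        if inet == "any":
            return False
        if not ipaddress.ip_network(inet).subnet_of(ipaddress.ip_network(onet)):
            return False
    return True


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule already matches
    everything they would. The usual symptom is a specific deny placed below a
    broad allow, so the deny silently does nothing."""
    return [i for i, r in enumerate(rules) if any(covers(e, r) for e in rules[:i])]


PARANOID = []   # block them all: default deny, no exceptions

# Constructed selective policy for the services on the earlier slides.
SELECTIVE = [
    ("allow", "tcp", "any", 80),               # public web server
    ("allow", "tcp", "any", 25),               # inbound mail
    ("allow", "udp", "198.51.100.0/24", 53),   # DNS only from our own resolvers
    ("allow", "tcp", "203.0.113.0/24", 21),    # FTP only from the admin network
]

# Mis-ordered: the deny can never match because the allow above it covers it.
MISORDERED = [
    ("allow", "tcp", "any", 21),
    ("deny", "tcp", "192.0.2.0/24", 21),
]

if __name__ == "__main__":
    for pkt in [("tcp", "203.0.113.5", 80), ("udp", "203.0.113.5", 53),
                ("udp", "198.51.100.7", 53), ("tcp", "198.51.100.7", 21)]:
        print(pkt, "->", evaluate(SELECTIVE, pkt)[0])
    print("shadowed in MISORDERED:", shadowed_rules(MISORDERED))
```

`shadowed_rules` is the check worth running on any hand-written rule set before deploying it; on `MISORDERED` it reports index 1, and on `SELECTIVE` it reports nothing.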
General Points
• Will discuss a variety of services with security implications
  – Not a full list of Internet services
  – Not a full list of security problems
• Administrators need to understand the implications before offering a service
  – CERT advisories
  – Configuration options
  – A prudent attitude
User Education
• Suspicious network behavior
• Suspicious user behavior
• Who to contact
• When to contact
• Exercises
Web
• WWW: World Wide Web
  – System for automated information exchange
  – Allows rapid access to flexibly-presented information
  – Well over 50% of Internet traffic
• Presentation options:
  – Formatted hypertext
  – Bitmap graphics
  – Program execution (CGI scripts, applets, etc.)
  – Audio
  – Movies
  – Many more
WWW Threats
• Exploitation of server or script bugs
• Disclosure of unauthorized information
• Interception of confidential information
• Content or code loaded into the web client by a rogue server
• Dependence on licensed software
WWW Risky Options
• Server-side includes
• Sending email from server
• Exposing the Perl interpreter itself on the server
• Spawning sub-processes
• Calling scripts outside of controlled directories
• Mixing HTTP and anonymous FTP
WWW Access Control
• Configure scripts so they can be read and executed only by the server account, not by other users on the host
• Use prudent access to exported files
• Don't use per-directory access files (e.g. .htaccess); keep access rules in the central server configuration
• Use certified public keys (client certificates) for access
• Use server-side passwords for access
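Two items from these slides, "calling scripts outside of controlled directories" under the risky options and "scripts readable and executable only by the server" under access control, can both be turned into concrete checks. The block below is an added example, not code from the slides: it shows the naive path join that lets a request name escape the script directory beside a hardened resolver that canonicalises both sides and refuses anything outside the root, plus a permission check for the script file. `demo()` builds a constructed layout in a temporary directory (`cgi-bin/hello.cgi` next to a `secret.txt` that must never be served); it assumes a POSIX file system, and the path and file names are this example's own.

```python
import os
import stat
import tempfile
from pathlib import Path


def resolve_script_unsafe(script_root, requested):
    """The risky pattern: the client-supplied name is joined straight onto the
    script directory, so '../' walks out of it and an absolute path replaces it."""
    return os.path.join(str(script_root), requested)


def resolve_script(script_root, requested):
    """Hardened: canonicalise both sides (symlinks included) and refuse any result
    that is not strictly inside script_root. Raises PermissionError otherwise."""
    root = Path(script_root).resolve()
    candidate = (root / requested).resolve()
    if root not in candidate.parents:
        raise PermissionError(f"{requested!r} resolves outside {root}")
    return str(candidate)


def script_permissions_ok(path, server_uid=None):
    """Readable and executable by the owner (the server account) only: no group or
    other bits at all. If server_uid is given, the owner must be that account."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    owner_ok = server_uid is None or st.st_uid == server_uid
    return owner_ok and (mode & 0o077) == 0 and bool(mode & stat.S_IXUSR)


def demo():
    """Constructed layout in a temp dir: cgi-bin/hello.cgi next to a file one level
    up that the web server must never hand out. Returns the outcome of each check."""
    base = Path(tempfile.mkdtemp())
    cgi = base / "cgi-bin"
    cgi.mkdir()
    script = cgi / "hello.cgi"
    script.write_text("#!/bin/sh\necho 'Content-Type: text/plain'; echo; echo hi\n")
    script.chmod(0o700)
    (base / "secret.txt").write_text("not for the web\n")
    out = {}
    # Traversal: the naive join yields a real file outside cgi-bin.
    out["unsafe_escapes"] = os.path.isfile(resolve_script_unsafe(cgi, "../secret.txt"))
    try:
        resolve_script(cgi, "../secret.txt")
        out["hardened"] = "allowed"
    except PermissionError:
        out["hardened"] = "blocked"
    try:
        resolve_script(cgi, "/etc/passwd")
        out["absolute"] = "allowed"
    except PermissionError:
        out["absolute"] = "blocked"
    out["legit"] = resolve_script(cgi, "hello.cgi") == str(script.resolve())
    out["perms_ok"] = script_permissions_ok(script)
    script.chmod(0o755)                          # now group/other readable: fails the check
    out["perms_after_chmod_755"] = script_permissions_ok(script)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment test uses `Path.resolve()` on both the root and the candidate, so a symlink planted inside `cgi-bin` that points elsewhere is caught as well; a string-prefix comparison on the unresolved path would miss it.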
WWW Privacy
Network-side:– Link encryption– Document encryption– Secure Socket Layer– Secure HTTP– All subject to limitations on Encryption
Log files:– Restrict access– Don’t retain on server machine– Use syslogd– Warn users about logging
Web Browsers
• Executing code from the net
• Trusting vendors / Licensing
• Dependence on third parties
RPC – Remote Procedure Call
a) Calling program calls the client code and waits
b) Client code bundles the parameters into a message to the server (XDR – external data representation)
c) Server executes the call with the supplied data, returning the result in a message to the client code
d) Client code returns the result to the calling program
Requires:
  – Client knowing the server
  – Client & server agreeing on how to communicate (the portmapper maps program numbers to ports)
Authentication:
  – Auth_none – live fast, die young
  – Auth_UNIX – UID/GID authentication (trusts whatever the client claims; no proof)
  – Auth_DES – secret/public key authentication (Diffie-Hellman key exchange, DES encryption)
  – Auth_KERB – Kerberos authentication
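The slide's remark that AUTH_UNIX "trusts the client" is easiest to see on the wire. As an added example (not from the slides), the block below implements the XDR primitives the slide names, assembles an ONC RPC CALL message carrying an AUTH_UNIX credential, and decodes it the way a server would. Every field of the credential, including the uid, is written by the client, so a client that claims uid 0 is believed unless the server also restricts by host. The program number 100003 (NFS) and procedure 1 (GETATTR in NFS version 3) are real assignments; the xid, the machine name `attacker-box` and the `trusted_hosts` mitigation in `effective_uid` are this example's own.

```python
import struct

AUTH_NONE, AUTH_UNIX = 0, 1      # ONC RPC auth flavors
RPC_CALL, RPC_VERSION = 0, 2


def xdr_uint(n):
    return struct.pack("!I", n)


def xdr_string(s):
    """XDR string: 4-byte length, the bytes, then zero padding to a 4-byte boundary."""
    b = s.encode("ascii")
    return xdr_uint(len(b)) + b + b"\x00" * (-len(b) % 4)


def xdr_uint_array(values):
    return xdr_uint(len(values)) + b"".join(xdr_uint(v) for v in values)


def auth_none():
    return xdr_uint(AUTH_NONE) + xdr_uint(0)


def auth_unix(machine, uid, gid, gids, stamp=0):
    """AUTH_UNIX credential: stamp, machinename, uid, gid, gids[]. Every field is
    written by the client; the server has no way to check any of it."""
    body = (xdr_uint(stamp) + xdr_string(machine) + xdr_uint(uid)
            + xdr_uint(gid) + xdr_uint_array(gids))
    return xdr_uint(AUTH_UNIX) + xdr_uint(len(body)) + body


def rpc_call(xid, prog, vers, proc, cred, params=b""):
    """RPC CALL message: xid, msg_type, rpcvers, prog, vers, proc, cred, verf, params."""
    return (xdr_uint(xid) + xdr_uint(RPC_CALL) + xdr_uint(RPC_VERSION) + xdr_uint(prog)
            + xdr_uint(vers) + xdr_uint(proc) + cred + auth_none() + params)


class XdrReader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def uint(self):
        (v,) = struct.unpack_from("!I", self.data, self.pos)
        self.pos += 4
        return v

    def string(self):
        n = self.uint()
        s = self.data[self.pos:self.pos + n].decode("ascii")
        self.pos += n + (-n % 4)
        return s

    def uint_array(self):
        return [self.uint() for _ in range(self.uint())]


def parse_call(msg):
    """Decode the header and credential of a CALL the way a server would."""
    r = XdrReader(msg)
    hdr = {k: r.uint() for k in ("xid", "msg_type", "rpcvers", "prog", "vers", "proc")}
    flavor, length = r.uint(), r.uint()
    if flavor == AUTH_UNIX:
        cred = {"flavor": "AUTH_UNIX", "stamp": r.uint(), "machine": r.string(),
                "uid": r.uint(), "gid": r.uint(), "gids": r.uint_array()}
    else:
        cred = {"flavor": "AUTH_NONE" if flavor == AUTH_NONE else flavor}
        r.pos += length
    return hdr, cred


def effective_uid(cred, trusted_hosts=(), client_host=None):
    """What an AUTH_UNIX server ends up believing: the uid the client typed in.
    A host allow-list is the usual mitigation when the slide's stronger flavors
    (AUTH_DES, AUTH_KERB) are not available; it is an assumption of this example."""
    if cred.get("flavor") != "AUTH_UNIX":
        return None                              # anonymous: no identity at all
    if trusted_hosts and client_host not in trusted_hosts:
        return None
    return cred["uid"]


# Constructed call: NFS (100003) v3 GETATTR with a credential that simply claims
# uid 0 from a machine name of the client's choosing.
FORGED_ROOT_CALL = rpc_call(7, 100003, 3, 1, auth_unix("attacker-box", 0, 0, [0]))

if __name__ == "__main__":
    header, credential = parse_call(FORGED_ROOT_CALL)
    print(header)
    print(credential, "-> server acts as uid", effective_uid(credential))
```

Note that the verifier field is AUTH_NONE here, as it is for every AUTH_UNIX call: nothing in the message binds the credential to a key, which is the gap AUTH_DES and AUTH_KERB close.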
Kerberos
• Produced for MIT Project Athena
• Authenticates:
  – User to client and server
  – Client to server
  – Server to client
• Centralized and stateless
  – The password-derived key of every principal is held on the central server, so compromising that server compromises everyone
  – Passwords are never transmitted across the network
Kerberos Protocols
• Login:
  – User enters username and password
  – Client sends the username and the current time, encrypted with the password (as a key)
  – Server decrypts the information and verifies that it is a valid user; the timestamp must be recent, which limits replay
  – Returns a session key encrypted with the user's password
• Service request:
  – Client sends a request to the ticket-granting server (TGS), encrypted with the session key
  – TGS responds with the identity of the server and an encrypted ticket, all encrypted with the session key
  – Client passes the encrypted ticket to the server along with its client IP and username
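The two exchanges on this slide can be run end to end in a few dozen lines. The block below is an added example, not code from the slides or from any Kerberos implementation: it models the login (username and timestamp sealed under the password-derived key, session key returned under the same key), the ticket request to the TGS, and the application server's check of the ticket, including the failure modes the slide implies (wrong password, replayed old login, expired or altered ticket). The cipher is an assumption of this example, a toy SHA-256 keystream with an HMAC tag standing in for Kerberos' DES, and the user `alice`, the service `nfs/fileserver`, the address 192.0.2.7 and the 300-second clock skew are constructed values.

```python
import base64
import hashlib
import hmac
import json
import os


def derive_key(secret):
    """Key from a password or service secret (stands in for the string-to-key step)."""
    return hashlib.sha256(secret.encode()).digest()


def _stream(key, nonce, length):
    blocks = (length // 32) + 1
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(blocks))


def seal(key, obj):
    """Toy authenticated encryption (assumption: stand-in for Kerberos' DES):
    SHA-256 keystream XOR, then an HMAC tag over nonce||ciphertext."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or a modified message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


class KDC:
    """Login server plus ticket-granting server. Holds the password-derived key of
    every user and the key of every service: the central store the slide warns about."""
    MAX_SKEW = 300              # seconds a login timestamp may be off (assumed value)
    TICKET_LIFE = 8 * 3600

    def __init__(self, users, services):
        self.user_keys = {u: derive_key(p) for u, p in users.items()}
        self.service_keys = {s: derive_key(k) for s, k in services.items()}
        self.sessions = {}

    def login(self, username, blob, now):
        """Open {user, time} with the user's key: a wrong password fails the tag, and
        an old timestamp (a replayed login) fails the skew check."""
        key = self.user_keys[username]
        msg = unseal(key, blob)
        if msg["user"] != username or abs(now - msg["time"]) > self.MAX_SKEW:
            raise ValueError("stale or mismatched login")
        session_key = os.urandom(16)
        self.sessions[username] = session_key
        return seal(key, {"session_key": session_key.hex()})

    def ticket_request(self, username, blob, now):
        """TGS: return the server identity and a ticket sealed under the server's
        key, the whole reply sealed under the session key."""
        skey = self.sessions[username]
        req = unseal(skey, blob)
        ticket = seal(self.service_keys[req["service"]],
                      {"user": username, "addr": req["addr"], "service": req["service"],
                       "issued": now, "lifetime": self.TICKET_LIFE})
        return seal(skey, {"server": req["service"], "ticket": base64.b64encode(ticket).decode()})


def client_session(kdc, user, password, service, client_ip, now):
    """The client side of both exchanges on the slide. Returns (server, ticket)."""
    ukey = derive_key(password)
    reply = kdc.login(user, seal(ukey, {"user": user, "time": now}), now)
    skey = bytes.fromhex(unseal(ukey, reply)["session_key"])
    tgs = unseal(skey, kdc.ticket_request(user, seal(skey, {"service": service, "addr": client_ip}), now))
    return tgs["server"], base64.b64decode(tgs["ticket"])


def service_accepts(service_key, ticket, username, client_ip, now):
    """The application server's check: the ticket opens under its own key, names
    this user and address, and has not expired."""
    try:
        t = unseal(service_key, ticket)
    except ValueError:
        return False
    return t["user"] == username and t["addr"] == client_ip and now < t["issued"] + t["lifetime"]


if __name__ == "__main__":
    kdc = KDC({"alice": "correct horse"}, {"nfs/fileserver": "svc-secret"})
    now = 1_700_000_000
    server, ticket = client_session(kdc, "alice", "correct horse", "nfs/fileserver", "192.0.2.7", now)
    print(server, service_accepts(derive_key("svc-secret"), ticket, "alice", "192.0.2.7", now + 60))
```

Two things the code makes visible that the slide only implies: the password never leaves the client (only something sealed under its derived key does), and the application server never talks to the KDC at all, because the ticket is sealed under a key only the KDC and that server share.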