Network Security and Management
CS682 – Sessions 3 and 4, Prof. Katz
Public-Key Cryptography
Concept created by Diffie and Hellman in 1976
Two keys are used, one for encrypting and the other for decrypting
Also usually supports digital signatures
Diffie-Hellman concepts
1. It is easy for party B to generate a public and private key
2. It is easy for sender A, knowing B’s public key and message M, to generate the corresponding ciphertext
3. It is easy for B, knowing his private key and the ciphertext, to compute the plaintext
4. It is impossible for an opponent knowing B’s public key and the ciphertext to compute the plaintext
5. It is impossible for an opponent knowing B’s public key and the ciphertext to compute the private key.
Network Protocols
A history of IP
Originally designed by the DoD for military purposes
Used to create the DARPANET
DARPANET later evolved into the Internet for educational purposes
More recently it has been used for commercial purposes
IP Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  bits
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Ver  |  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Identifier           |Flags|     Fragment Offset     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time To Live  |   Protocol    |        Header Checksum        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Source Address                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Destination Address                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Options + Padding                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
(Minimum length 20 octets)
User Datagram Protocol (UDP)
A simple, connectionless layer 4 protocol for the transmission of non-critical data
No reliability, no confirmation of delivery, no ordering of packets!
Very light protocol which sits on top of the IP layer.
Used by a number of upper-layer protocols (ULPs) including DNS, DHCP, and BootP.
Port numbers
UDP introduces the concept of port numbers as a layer 4 address.
Ports are used to indicate which layer 7 service should receive the packet and which produced it.
When a server program starts it “binds” to the port it will use for communication (usually <1024); UDP then knows that data received for that port should be delivered to that program.
Ports (cont.)
When a client service begins communication it can either request a specific port for communication or use a unique port provided by the OS.
Server ports are static, client ports may be dynamic.
Common UDP port numbers
67 – BootP server
68 – BootP client
69 – Trivial FTP
UDP Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  bits
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Length             |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Header Values
Source port – The port on the source host which generated this message
Destination port – The port on the destination host which should receive this message
Length – The length of the header and data
UDP Checksum
The UDP checksum is calculated across the data and the header.
The checksum is the one’s complement of the 16-bit sum of the words in the header and data.
Additionally the 32-bit source and destination addresses, the 8-bit protocol field, and the UDP length are included in the sum.
UDP Checksum
On the receiving end all words are added to the checksum and the result should be all ones.
If the result is not all ones then an error has occurred.
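The checksum procedure from the two slides above, worked through in code: the sender sums the pseudo-header words (addresses, protocol 17, UDP length) together with the header and data and stores the one's complement; the receiver repeats the sum over the datagram as received and expects all ones. This is an added example, not the course's code; the addresses, ports and payload are constructed sample values.

```python
import socket
import struct

IPPROTO_UDP = 17
# Constructed sample (not from the slides): a small payload sent from
# 192.0.2.10:5353 to 192.0.2.53:53.
SRC_IP, DST_IP, SRC_PORT, DST_PORT = "192.0.2.10", "192.0.2.53", 5353, 53
PAYLOAD = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of every word in data; an odd trailing
    byte is padded with a zero byte, and carries are folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """The extra words the slide lists: 32-bit source and destination
    addresses, a zero byte, the 8-bit protocol (17) and the UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Sender side: 8-byte header + payload with the checksum filled in."""
    udp_len = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)  # checksum 0 while summing
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_len) + header + payload)
    csum = (~total) & 0xFFFF
    if csum == 0:            # 0 on the wire means "no checksum", so send all ones instead
        csum = 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, udp_len, csum) + payload


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver side: summing every word, transmitted checksum included,
    must give all ones (0xFFFF); anything else means the datagram was damaged."""
    if len(datagram) < 8:
        return False
    udp_len = struct.unpack("!H", datagram[4:6])[0]
    if udp_len != len(datagram):
        return False
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_len) + datagram)
    return total == 0xFFFF


def demo():
    """Returns (checksum ok on the intact datagram, ok after a one-bit flip)."""
    dgram = build_udp(SRC_IP, DST_IP, SRC_PORT, DST_PORT, PAYLOAD)
    damaged = dgram[:10] + bytes([dgram[10] ^ 0x01]) + dgram[11:]
    return verify_udp(SRC_IP, DST_IP, dgram), verify_udp(SRC_IP, DST_IP, damaged)
```

Because the pseudo-header is part of the sum, a datagram whose IP addresses were altered in transit fails verification even though the UDP bytes themselves are intact.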
Transport Control Protocol (TCP)
Provides a connection-oriented layer 4 service
Provides delivery guarantees
Provides sequencing of the data
TCP Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1  bits
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgement Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Header|           |U|A|P|R|S|F|                               |
|  len  | reserved  |R|C|S|S|Y|I|          Window size          |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |        Urgent Pointer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Options + padding                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TCP Header (cont.)
Source and destination ports – Which application produced the packet and which should receive it
Sequence number – Identification of the relative location of the first byte in the packet to the first byte in the stream
Acknowledgement number – The sequence number of the next byte which the receiving station expects
TCP Header (cont.)
URG – Urgent
ACK – Acknowledgement
PSH – Push
RST – Reset
SYN – Synchronize sequence numbers
FIN – Final packet
TCP Connection Establishment
Client sends SYN
Server replies with SYN-ACK
Client replies with ACK
TCP Connection maintenance
The sequence number is incremented for every packet sent
An acknowledgement must be made before the window size is reached.
An ACK is sent for the next byte which the client expects to receive.
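An added example (not course code) that decodes the fields of the TCP header diagram above and then checks the SYN / SYN-ACK / ACK exchange the way a stateful firewall or IDS tracks a new connection: flags in the expected order, ports mirrored between the two directions, and each acknowledgement number equal to the peer's initial sequence number plus one. The ports and initial sequence numbers are constructed values.

```python
import struct

# Flag bit positions in the low byte of the data-offset/flags word.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header from the diagram; options/data follow."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4  # header length is given in 32-bit words
    flags = {name: bool(off_flags & (1 << bit)) for bit, name in enumerate(FLAG_NAMES)}
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "flags": flags, "window": window, "checksum": csum,
            "urgent": urg, "options": segment[20:hlen], "data": segment[hlen:]}


def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Pack a 20-byte header with no options; checksum is left 0 for the demo."""
    bits = sum(1 << FLAG_NAMES.index(f) for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)


def _set(hdr):
    return {name for name, on in hdr["flags"].items() if on}


def check_handshake(segments) -> list:
    """Return the problems found in a SYN, SYN-ACK, ACK sequence (empty = valid)."""
    if len(segments) != 3:
        return ["expected exactly three segments"]
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    problems = []
    if _set(syn) != {"SYN"}:
        problems.append("first segment must carry SYN only")
    if _set(synack) != {"SYN", "ACK"}:
        problems.append("second segment must carry SYN and ACK")
    if _set(ack) != {"ACK"}:
        problems.append("third segment must carry ACK only")
    client = (syn["src_port"], syn["dst_port"])
    if (synack["dst_port"], synack["src_port"]) != client or (ack["src_port"], ack["dst_port"]) != client:
        problems.append("ports are not mirrored across the handshake")
    # Each side acknowledges the next byte it expects: the peer's ISN + 1.
    if synack["ack"] != (syn["seq"] + 1) & 0xFFFFFFFF:
        problems.append("SYN-ACK does not acknowledge client ISN+1")
    if ack["ack"] != (synack["seq"] + 1) & 0xFFFFFFFF:
        problems.append("ACK does not acknowledge server ISN+1")
    if ack["seq"] != (syn["seq"] + 1) & 0xFFFFFFFF:
        problems.append("client ACK does not continue from ISN+1")
    return problems


# Constructed handshake between client port 40000 and server port 80
# (IP addresses are not part of the TCP header, so only ports appear here).
CLIENT_ISN, SERVER_ISN = 1000, 5000
GOOD_HANDSHAKE = [
    build_tcp_header(40000, 80, CLIENT_ISN, 0, {"SYN"}),
    build_tcp_header(80, 40000, SERVER_ISN, CLIENT_ISN + 1, {"SYN", "ACK"}),
    build_tcp_header(40000, 80, CLIENT_ISN + 1, SERVER_ISN + 1, {"ACK"}),
]
# Same exchange, but the final ACK acknowledges the wrong number.
BAD_HANDSHAKE = GOOD_HANDSHAKE[:2] + [
    build_tcp_header(40000, 80, CLIENT_ISN + 1, SERVER_ISN + 7, {"ACK"})]
```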
TCP State Diagram
Fundamentals of network security
To employ good network security requires that you know everything about the network!
We will forfeit some usability for security.
If your recommendations are not followed – CYA!
Common Network Protocols
HTTP – Used for traffic on the World Wide Web, usually port 80
FTP – Used to transmit binary and ASCII data files, control connections on port 21
Telnet – Used to obtain a shell on a remote system, usually on port 23
POP3 – Used by clients to retrieve email from corporate servers, usually port 110
SMTP – Used to transfer mail between domains/servers, usually port 25
DNS – Used to resolve names, UDP port 54
Request for Comments
Maintained by the Internet Engineering Task Force (www.IETF.org)
Protocol designers publish documents and release them to the Internet community for comments and implementation
RFCs are accepted today as rules for implementing protocols
HyperText Transfer Protocol
Version 1.1 defined in RFC 2068
No banner on connection establishment
Client should send all header information followed by a return character ‘\n’
URI Specifications
Uniform Resource Identifier
Used to indicate resources available on a network
<scheme>://<authority><path>?<query>
E.g. http://search.microsoft.com/search.asp?find=MS
HTTP Options
Obtain all server information
HTTP GET
Request for one file
HTTP HEAD
Returns only the header information which would be obtained by a GET command
Useful for determining if a document should be downloaded or used from cache
HTTP POST
Used to send large amounts (>500 bytes) of data to a remote system
Can be used for large forms or for uploading files
HTTP PUT
Same concept as POST but used only for uploading files
Security Problems with HTTP
Buffer overflows are common
Non-anonymous users send their username/password as a Base64 encoding
Excessive client data transmitted
Snooping possible when uploading data
Cookies
FTP
Defined in RFC 959
FTP control connections are established on port 21
USER is followed by a username and a return character, and PASS is followed by a password and a return character
FTP Standard Data Connections
User initiates the data transfer and sets up a listener on a specific port, server connects to that port and “dumps” the file.
FTP PASV Data Connections
User indicates that passive mode data transfer should occur
User selects the file which should be transferred
Server creates a listener and allows the client to connect to it; once the connection is established, the server “dumps” the file
Security Problems with FTP
Buffer overflows
Security credentials are sent in cleartext
Opens dynamic ports which firewalls may allow through
Data is sent in cleartext
Telnet
User connects to the server port and the server displays a welcome banner (usually /etc/issue.net), then requests a login
Client responds to the server’s login request with a valid username/password
Shell is activated with STDOUT and STDERR mapped to the client’s terminal
Security Problems with Telnet
All data (including username/password) is sent in cleartext
Buffer overflows and root attacks possible
Post Office Protocol version 3
Defined in RFC 1725
Used to download mail from a server for local reading when direct file access is not available or advisable
Very popular on the Internet, almost the prime source of email
Operation of POP3
User establishes a connection to the server port (usually 110/tcp)
Server greets the user
User issues the USER command with a valid username
Server will always respond with “+OK”
User issues the PASS command with the password
Server will attempt to authenticate the user
If successful “+OK” is returned, otherwise “-ERR”
Transaction state commands
STAT – see the total number of messages and bytes
UIDL (#) – obtain the Unique ID Listing for messages in the mailbox
RETR # – Retrieve one message
DELE # – Mark one message for deletion
LIST (#) – Show the size of one message or of all messages
RSET – Mark all messages as undeleted
TOP M# N# – Return the first N# lines from message M#
Normal POP3 session
Pop3.txt
Implementing POP3
When the user is authenticated, open the mailbox and parse the messages in it into memory
Read in each command and respond appropriately
When QUIT is received, copy the contents of memory to the mailbox
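The three implementation steps above, together with the USER/PASS behaviour and the transaction commands from the earlier slides, as an added example (not course code): a minimal POP3 command handler. The mailbox and password are constructed; the USER reply follows the slide's rule of always returning +OK, so a client cannot tell valid usernames from invalid ones.

```python
# Constructed mailbox and credentials for the demo (not from the course).
MAILBOX = {"alice": ["From: bob\r\nSubject: hi\r\n\r\nhello\r\n",
                     "From: carol\r\nSubject: re\r\n\r\nthanks\r\n"]}
PASSWORDS = {"alice": "s3cret"}


class Pop3Session:
    """One client session: AUTHORIZATION -> TRANSACTION -> UPDATE. USER is always
    answered +OK so the reply never reveals whether a username exists; PASS does
    the real check; the mailbox is parsed into memory on login and written back
    only when QUIT is received."""

    def __init__(self, mailbox, passwords):
        self.store, self.passwords = mailbox, passwords
        self.state, self.user = "AUTHORIZATION", None
        self.msgs, self.deleted = [], set()

    def handle(self, line):
        """Parse one command line from the client and return the reply."""
        parts = line.split()
        if not parts:
            return "-ERR"
        cmd, args = parts[0].upper(), parts[1:]
        if self.state == "AUTHORIZATION":
            return self._auth(cmd, args)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, args)
        return "-ERR session closed"

    def _auth(self, cmd, args):
        if cmd == "USER" and args:
            self.user = args[0]
            return "+OK"
        if cmd == "PASS" and self.user is not None:
            if self.passwords.get(self.user) == " ".join(args):
                self.msgs = list(self.store.get(self.user, []))  # parse into memory
                self.state = "TRANSACTION"
                return "+OK"
            self.user = None
            return "-ERR authentication failed"
        return "-ERR"

    def _live(self):
        # (number, message) pairs not marked for deletion; numbers are 1-based
        return [(i + 1, m) for i, m in enumerate(self.msgs) if i + 1 not in self.deleted]

    def _transaction(self, cmd, args):
        n = int(args[0]) if args and args[0].isdigit() else None
        if n is not None and (n < 1 or n > len(self.msgs) or n in self.deleted):
            return "-ERR no such message"
        if cmd == "STAT":
            live = self._live()
            return f"+OK {len(live)} {sum(len(m) for _, m in live)}"
        if cmd == "LIST" and n:
            return f"+OK {n} {len(self.msgs[n - 1])}"
        if cmd == "LIST":
            return "+OK\r\n" + "".join(f"{i} {len(m)}\r\n" for i, m in self._live()) + "."
        if cmd == "RETR" and n:
            return f"+OK {len(self.msgs[n - 1])} octets\r\n{self.msgs[n - 1]}."
        if cmd == "DELE" and n:
            self.deleted.add(n)
            return "+OK marked for deletion"
        if cmd == "RSET":
            self.deleted.clear()
            return "+OK"
        if cmd == "QUIT":
            self.store[self.user] = [m for _, m in self._live()]  # copy memory back
            self.state = "UPDATE"
            return "+OK bye"
        return "-ERR unrecognised command"
```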
Problems with POP3
Authentication information is sent in clear text (although POP3 supports MD5 hashed authentication, it’s not commonly used)
Messages are sent in clear text
Buffer overflows
Root level attacks
Simple Mail Transport Protocol
Defined in RFC 821
Used for transmitting mail between servers and domains
THE definitive solution for inter-domain mail transfer on the Internet
Operation of SMTP
Remote server connects to the local machine; local machine greets
Remote machine introduces itself
Remote machine indicates who the message is from
Remote machine indicates one or more recipients
Remote machine transmits the data of the message
Commands
HELO or EHLO – Command for the remote machine to introduce itself to the local machine
MAIL FROM:<w@x> – indicates the sender of the message
RCPT TO:<y@z> – indicates the recipient of the message
DATA – indicates the start of the data transfer (concluded with a CRLF.CRLF string)
Problems with SMTP
Buffer overflows are common
Messages are sent in cleartext (by default)
Normal SMTP session
duke% telnet login.dataixl.com 25
Trying 64.2.85.40...
Connected to unix.dataixl.com.
Escape character is '^]'.
220 unix.dataixl.com ESMTP Sendmail 8.11.0/8.11.0; Wed, 14 Feb 2001 16:42:33 -0500
HELO duke.poly.edu
250 unix.dataixl.com Hello [email protected] [128.238.2.92], pleased to meet you
MAIL FROM:<[email protected]>
250 2.1.0 <[email protected]>... Sender ok
RCPT TO:<[email protected]>
250 2.1.5 <[email protected]>... Recipient ok
RCPT TO:<[email protected]>
250 2.1.5 <[email protected]>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: Hello

This is just a hello message.
.
250 2.0.0 f1ELgoO22093 Message accepted for delivery
QUIT
221 2.0.0 unix.dataixl.com closing connection
Connection closed by foreign host.
The Domain Name System
Defined in RFC 1035
Designed to resolve names into addresses
Designed to be a distributed system
Different types of records for different purposes
Types of Records
A – a host address
NS – Authoritative name server address
SOA – Start Of Authority
MX – Mail Exchanger
HINFO – Hardware info
CNAME – Canonical name for an alias
Operation of DNS
0. User types www.microsoft.com into the web browser
1. Client requests the address of www.microsoft.com (A) from the local DNS
2. Local DNS checks its cache; if the address is known it is immediately returned to the client, otherwise the local DNS requests microsoft.com (NS) from a root server
3. Root server responds to the local DNS with the appropriate address for the microsoft.com DNS
4. Local DNS contacts the microsoft.com DNS to resolve www.microsoft.com (A)
5. microsoft.com DNS responds to the local DNS with the address of www.microsoft.com (A)
6. Local DNS responds to the client with the address of www.microsoft.com (A)
7. Client initiates a TCP session to the IP address associated with www.microsoft.com (A)
Authority
When you “own” a domain name, you are responsible for maintaining at least one authoritative name server
This server NEVER checks a cache and is the authority for queries to your domain
If this server goes down, so does your domain
Authoritative domain file
@ IN SOA dan.spacelab.net. dkatz.dan.spacelab.net. (
        2001010801 ; serial number
        86400      ; refresh: 24 hours
        3600       ; retry: 1 hour
        432000     ; expire: 5 days
        86400 )    ; minimum: 1 week
        IN A 64.2.85.40
        IN NS unix
        IN MX 0 unix
Localhost IN A 127.0.0.1
Unix    IN A 64.2.85.40
        IN HINFO P100/48MB/4.0GB LINUX
www     IN CNAME unix
ftp     IN CNAME unix
login   IN CNAME unix
irc     IN CNAME unix
nt      IN A 209.14.148.179
        IN HINFO K62-400/128MB/4.0GB WIN95
me      IN CNAME nt
www2    IN A 209.14.148.180
        IN HINFO 2xP90/100MB/4.0GB WINNT
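An added example (not course code) that parses the authoritative zone file above into records and answers A queries from it the way the authoritative server would, following CNAME aliases such as www to unix. It assumes the zone's origin is spacelab.net. (the slide shows no $ORIGIN line) and that continuation lines and records inheriting the previous owner begin with whitespace, as the zone is laid out above.

```python
# Added example (not course code): parse the slide's zone file and answer A queries.
# Assumes origin spacelab.net. (no $ORIGIN on the slide); owner-inheriting lines begin with whitespace.
ORIGIN = "spacelab.net."
ZONE_TEXT = """\
@ IN SOA dan.spacelab.net. dkatz.dan.spacelab.net. (
        2001010801 ; serial number
        86400      ; refresh: 24 hours
        3600       ; retry: 1 hour
        432000     ; expire: 5 days
        86400 )    ; minimum: 1 week
        IN A 64.2.85.40
        IN NS unix
        IN MX 0 unix
localhost IN A 127.0.0.1
unix    IN A 64.2.85.40
        IN HINFO P100/48MB/4.0GB LINUX
www     IN CNAME unix
ftp     IN CNAME unix
login   IN CNAME unix
irc     IN CNAME unix
nt      IN A 209.14.148.179
        IN HINFO K62-400/128MB/4.0GB WIN95
me      IN CNAME nt
www2    IN A 209.14.148.180
        IN HINFO 2xP90/100MB/4.0GB WINNT
"""
NAME_FIELDS = {"NS": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}  # rdata slots that hold names


def fqdn(name, origin):
    # Qualify a relative name against the origin; '@' is the origin itself.
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples with owner and rdata names qualified."""
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip ';' comments
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line        # join ( ... ) continuations
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
            buf = ""
    records, owner = [], origin
    for line in logical:
        if line[:1] not in (" ", "\t"):                # owner given in column 1
            first, _, line = line.partition(" ")
            owner = fqdn(first, origin)
        toks = line.replace("(", " ").replace(")", " ").split()
        skip = 1 if toks[0].upper() == "IN" else 0     # class field is optional
        rtype, rdata = toks[skip].upper(), toks[skip + 1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = fqdn(rdata[i], origin)
        records.append((owner, rtype, tuple(rdata)))
    return records


def resolve_a(records, name, origin, seen=()):
    """Answer an A query, following CNAME aliases (www -> unix on the slide)."""
    name = fqdn(name, origin)
    rr = {t: d[0] for o, t, d in records if o == name and t in ("A", "CNAME")}
    if "A" in rr:
        return rr["A"]
    if "CNAME" not in rr or name in seen:  # no alias, or an alias loop
        return None
    return resolve_a(records, rr["CNAME"], origin, seen + (name,))
```

Counting the NS records at the origin in the parsed output shows this zone names a single authoritative server, which is exactly the single point of failure the previous slide warns about.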
Diagnostic Tools (use with discretion)
Dig
Nslookup
Whois (available at www.networksolutions.com)