Network Security Unless otherwise noted, material (images) in these slides are from Security in Computing by Pfleeger and Pfleeger.

Upload: reginald-flynn

Post on 23-Dec-2015



Organization of this session

• Overview of networks and network architectures.
  – Layered model of networks.
  – The concept of network protocols.

• Vulnerabilities, threats and exploits to networks.
  – A survey of exploits.

• How vulnerable is our network?
  – Following the footsteps of attackers
  – Using ping, traceroute, nmap and nessus to determine how vulnerable a network really is.

Figure 7-1 Simple View of Network.

Overview of a network: A simple view.

• Client: usually a PC or workstation.

• Server: provides some service, e.g., “Web Server” or “Mail server”.

• Communication media: e.g., microwave, broadband, telephone cable, bluetooth, cellular, etc.

Image © Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

More Complex but More Typical View of Networks.

[Figure labels: User A, User B, User C; System 1, System 2, System 3]

A more realistic scenario: When user A sends a message to System 3, she may not be aware that the message is passing through System 1.

Network terminology

© Pfleeger – Material on this slide and others from the textbook Security in Computing by Pfleeger. Page 382.

• Node: usually a workstation or PC or a router (a device that routes network data).

• Links: end points of a communication link.

• Media: for transmission.

Next: Introduction to network security – who attacks networks?

Who attacks networks, what are their motives?

• Challenge.
  • Examples: Robert Morris; the Cult of the Dead Cow.

• Fame.
  • Examples: Kevin Mitnick.

• Money and Espionage.

• Organized Crime.
  • E.g., Shadowcrew (28-member gang).

• Ideology (from recent press clippings)
  • e.g., Hacktivism (Hackers anonymous on VISA/Mastercard due to fallout with Wikileaks), Cyberterrorism.

Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

What makes networks vulnerable?

• Class exercise:
  • What are some of the threats to networks that you are familiar with?
  • What makes networks such a juicy target?

What makes networks vulnerable?

Here are some possible reasons:

• Anonymity.
• Many points of attack (targets and origins).
• Sharing.
• Complexity of the system.
• Lack of single ownership, control, understanding.
• Unknown perimeter.
• Unknown path.

We will look at some of these issues in more detail…

Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

Anonymity.

Attackers are harder to trace as they can hide behind several routers and proxies.

© Peter Steiner, The New Yorker (July 5 1992). This cartoon is being used on this slide under the Fair Use clause of the U.S. Copyright Act only for classroom teaching.

Figure 7-11 Unclear Network Boundaries.

Complex networks may not have clear boundaries. E.g., Network C (which contains multiple computers) can be accessed from B, A and D. Part of Network C is accessible in D.

Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

Another example of unclear boundaries

ruacad.radford.edu

Radford’s network issue: can we reach a machine from off-campus without using VPN?

Cautela.radford.edu

RU’s firewall – forces everyone to use the CISCO VPN client from off-campus to access a machine on-campus

ruacad is a computer outside RU’s firewall. Can be used to reach most computers inside the campus.

So an RU student can first log in to ruacad and then into any campus machine without going through the VPN.

Figure 7-12 Uncertain Message Routing in a Network.

If you want to control traffic from A to B, you cannot install the controller only on C or D.

Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

Next: Understanding how network software works: concepts of protocols and layers.

Protocols: software that drives networks.

• Communication between computers requires very specific, unambiguous rules called a protocol.

• A protocol is a set of rules that governs how two or more communicating parties are to interact.

Meaning of a protocol (simple example)

• E.g., consider this example (this is a protocol) and fill in the blanks:

Me: Knock Knock…
You: ______
Me: Ya
You: ______

How did you know what to fill in the blanks?

This is an example of a protocol.

© Anonymous. Unable to attribute.

Another example of a (non computer network related) protocol

• Example: A student wants to ask the instructor a question.
  – What steps does the student take to ask the question?
  – What steps does the instructor take to answer a question?

• Next: The world of protocols gets complicated…

A small task in a computer network can be quite complicated – multiple protocols for each task …

• Suppose we want to send an email from one computer to another. Let us look at a few tasks involved in a computer network.

[Figure labels: User, Desktops, Source, Network, Digital transmission lines, Destination, User]

1. Different formats for different networking data.
2. Intermediate machines (which may be different from each other) to exchange the email.
3. Routing the data through the network: what if there are multiple routes? How to pick the best one?
4. Error checks – any errors during transmission?
5. Congestion control mechanisms: dealing with too much traffic.
6. Different types of transmission media: cable, wireless, bluetooth …

A small task in a computer network can be quite complicated – multiple protocols for each …

• Suppose we want to send an email from one computer to another. Let us look at a few tasks involved in a computer network.

[Figure labels: User, Desktops, Source, Network, Digital transmission lines, Destination, User]

1. Different types of network data, e.g., email is different from a web request or an IM.
2. Intermediate machines (which may be different from each other) to exchange the email.
3. Routing the data through the network: what if there are multiple routes? How to pick the best one?
4. Error checks – any errors during transmission?
5. Congestion control mechanisms: dealing with too much traffic.
6. Different types of transmission media: cable, wireless, bluetooth …

Decisions decisions…

How does a computer network deal with so many decisions? (remember all these decisions need to be made by software programs)

(A) Give up and go back to using pigeons

(B) Develop interfaces, and modules that implement the interface. The interface (API) is called a "protocol".

Answer B. Observations:

• Each decision in some ways is made by a protocol.
• Also, protocols need to work together to accomplish a task (e.g., sending an email).
• Some protocols deal with lower level details (e.g., wired or wi-fi? Paper or plastic?) and some deal with higher level details (e.g., HTTP or Email?, Error check or no error check?)

Examples of different computer network protocols and their levels.

Higher level details
1. Web-client speaks to the web-server using HTTP – hyper text transfer protocol.
2. SSH (Secure Shell protocol) is used to allow for secure remote connections.
3. SIP (Session Initiation Protocol) is used to make VoIP telephone calls.

Slightly lower level details (Transport/routing)
4. Transmission Control Protocol (TCP) (e.g., task error checking) – checks if network data reached its destination without errors. Retransmit if necessary.
5. IP (Internet Protocol) is used to find “good” route to transport the packet.

Lower level details
6. Medium Access protocol: Protocols that determine how to use and share a specific communication medium (e.g., medium: wired, wifi, bluetooth) when sending data.
  • to avoid collisions between data when the same communication media are being used to transmit different data items.

Layers, Services & Protocols

• Specifically, every network application (e.g. email client) runs certain specific services from protocols:
  – Transport: across a network from source to destination.
    • Deals with tasks such as error check and correction.
    • Identifying destination address.
  – Routing and forwarding: across multiple hops.
    • More short sighted….
  – Transferring raw data from one physical interface to another.
    • Least sighted

• These protocols are therefore organized into layers.

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Protocols work with each other (Example).

• First some pre-requisite knowledge:
  – Domain names: When browsing the Internet, we use domain names – these are names given to a specific server or group of servers. E.g., www.radford.edu is the domain name associated with Radford’s web server.
  – IP addresses: Every computer on the Internet has a distinct address called IP address. It is a number that looks like this: 137.45.192.132
    • E.g., Open a command prompt on your Windows computer or a terminal on your Mac/Linux computer.
      – Type “nslookup www.radford.edu”.
      – You will notice that this is associated with an IP address.
        » What is it?
  – Port numbers: It is the number associated with each network program running on our computer.
    • E.g., Webservers are associated with port number 80; SSH server associated with port number 22.
  – To address a specific program on the Internet we use both an IP address and a port number. E.g.,
    • To reach Radford University’s webserver, we use the domain name: www.radford.edu.
    • This in turn translates to an IP address such as 137.45.192.132 and port number 80.
    • We use the notation: 137.45.192.132:80 to represent this.
    • This is also called an internet address. Every computer on the internet has a unique internet address (with exceptions)

© Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

Protocols work with each other (Example).

• With the pre-requisite knowledge from the last slide

– Consider the simple task of browsing the Internet.

– We open a web-browser and type in a URL (e.g., www.nytimes.com).

– Let us see what protocols are involved.

© Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

Web Browsing Application

• Documents are prepared using HyperText Markup Language (HTML)

• A browser application program is used to access the web

• The browser displays HTML documents that include links to other documents

• Each link references a Uniform Resource Locator (URL) that gives the name of the machine and the location of the given document

• Let’s see what happens when a user clicks on a link

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

• User clicks on http://www.nytimes.com/
• URL contains Internet name of machine (www.nytimes.com), but not Internet address
• Internet needs Internet address to send information to a machine
• Browser software uses Domain Name System (DNS) protocol to send query for Internet address
• DNS system responds with Internet address
• TRY THIS: Open a command prompt on Windows and type: nslookup www.radford.edu. You just used the DNS protocol!

1. DNS

Q. www.nytimes.com?

A. 64.15.247.200

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Browser software uses HyperText Transfer Protocol (HTTP) to send request for document

HTTP server waits for requests by listening to a well-known port number (80 for HTTP)

HTTP client sends request messages through an “ephemeral port number,” e.g. 1127

HTTP needs a Transmission Control Protocol (TCP) connection between the HTTP client and the HTTP server to transfer messages reliably

2. TCP

TCP Connection Request
From: 128.100.11.13 Port 1127
To: 64.15.247.200 Port 80

ACK, TCP Connection Request
From: 64.15.247.200 Port 80
To: 128.100.11.13 Port 1127

ACK

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

• HTTP client sends its request message: “GET …”
• HTTP server sends a status response: “200 OK”
• HTTP server sends requested file
• Browser displays document

Clicking a link sets off a chain of events across the Internet that involves multiple protocols! (We did not cover some of the other protocols involved.)

3. HTTP

GET / HTTP/1.1

200 OK

Content

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Layers

• A set of related communication functions that can be managed and grouped together

• Application Layer: communications functions that are used by application programs
  – HTTP, DNS, SMTP (email)

• Transport Layer: end-to-end communications between two processes in two machines
  – TCP, User Datagram Protocol (UDP)

• Network Layer: node-to-node communications between two machines
  – Internet Protocol (IP)

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Example: HTTP

• HTTP is an application layer protocol

• Retrieves documents on behalf of a browser application program

• HTTP specifies fields in request messages and response messages
  – Request types; Response codes
  – Content type, options, cookies, …

• HTTP specifies actions to be taken upon receipt of certain messages

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

[Figure labels: HTTP Client, HTTP Server, HTTP Protocol, GET, Response]

• HTTP assumes messages can be exchanged directly between HTTP client and HTTP server

• In fact, HTTP client and server are processes running in two different machines across the Internet

• HTTP uses the reliable stream transfer service provided by TCP

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Example: TCP

• TCP is a transport layer protocol

• Provides reliable transport service between two processes in two computers across the Internet. (Think of it as providing receipt-certification.)

• Sequence numbers keep track of the bytes that have been transmitted and received

• Error detection and retransmission used to recover from transmission errors and losses

• TCP is connection-oriented: the sender and receiver must first establish an association and set initial sequence numbers before data is transferred

• Connection ID is specified uniquely by (send port #, send IP address, receive port #, receiver IP address). E.g., if you browse the RU website from a computer with IP address of 137.45.192.132, then the connection is uniquely identified by: (1234, 137.45.192.132 ; 80, 137.207.232.204)

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521
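
The DNS, TCP and HTTP steps from the walkthrough earlier, together with the connection ID described on this slide, as an added example in Python (not from the slides or the textbooks). It assumes a constructed stand-in web server on the loopback interface so that it runs offline; the names `Hello`, `browse` and `demo` are illustrative.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Hello(BaseHTTPRequestHandler):
    """Constructed stand-in for the web server in the slides."""
    def do_GET(self):
        body = b"<html>hello</html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def browse(host, port):
    """Run the three steps and return what each one produced."""
    # 1. DNS: name -> IPv4 address (the lookup nslookup performs by hand).
    ip = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    # 2. TCP: connect; the OS assigns the client's ephemeral port.
    with socket.create_connection((ip, port), timeout=5) as s:
        (src_ip, src_port), (dst_ip, dst_port) = s.getsockname(), s.getpeername()
        # Same field order as the slide: (send port, send IP, receive port, receive IP).
        conn_id = (src_port, src_ip, dst_port, dst_ip)
        # 3. HTTP: send the request, then read until the server closes.
        s.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    status_line = reply.split(b"\r\n", 1)[0].decode()
    body = reply.split(b"\r\n\r\n", 1)[1]
    return ip, conn_id, status_line, body

def demo():
    """Start the stand-in server on a free port, browse it, return the results."""
    server = HTTPServer(("127.0.0.1", 0), Hello)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return browse("localhost", server.server_address[1]), server.server_address[1]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The client's port in `conn_id` is chosen by the operating system, so it differs from run to run, while the server side of the connection stays fixed for as long as the server listens.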

HTTP uses service of TCP

[Figure labels: HTTP client, Port 1127; HTTP server, Port 80; TCP on each side; GET and Response messages; TCP segments labelled "80, 1127 GET" and "1127, 80 bytes Response"; Source, Destination]

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Example: UDP

• UDP is a transport layer protocol

• Provides best-effort datagram service between two processes in two computers across the Internet

• Port numbers distinguish various processes in the same machine

• UDP is connectionless

• Datagram is sent immediately

• Quick, simple, but not reliable

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Example: DNS Protocol

• DNS protocol is an application layer protocol

• DNS is a distributed database that resides in multiple machines in the Internet

• DNS protocol allows queries of different types
  – Name-to-address or Address-to-name

• DNS usually involves short messages and so uses service provided by UDP

• Well-known port 53

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Summary

• Layers: related communications functions
  – Application Layer: HTTP, DNS, SMTP, World of Warcraft, …
  – Transport Layer: TCP, UDP
  – Network Layer: IP

• Services: a protocol provides a communications service to the layer above
  – TCP provides connection-oriented reliable byte transfer service
  – UDP provides best-effort datagram service

• Each layer builds on services of lower layers
  – HTTP builds on top of TCP
  – DNS builds on top of UDP
  – TCP and UDP build on top of IP

Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521