Network Security
Unless otherwise noted, material (images) in these slides are from Security in Computing
by Pfleeger and Pfleeger.
Organization of this session
• Overview of networks and network architectures.
  – Layered model of networks.
  – The concept of network protocols.
• Vulnerabilities, threats and exploits to networks.
  – A survey of exploits.
• How vulnerable is our network?
  – Following the footsteps of attackers
  – Using ping, traceroute, nmap and nessus to determine how vulnerable a network really is.
Figure 7-1 Simple View of Network.
Overview of a network: A simple view.
• “Client”: usually a PC or workstation.
• “Server”: provides some service, e.g. “Web Server” or “Mail server”.
• Communication media: e.g., microwave, broadband, telephone cable, bluetooth, cellular etc.
Image © Security in Computing 3rd Edition, by Pfleeger and Pfleeger.
More Complex but More Typical View of Networks.
(Figure labels: User A, User B, User C; System 1, System 2, System 3.)
A more realistic scenario: When user A sends a message to System 3, she may not be aware that the message is passing through System 1.
Network terminology
© Pfleeger – Material on this slide and others from the textbook Security in Computing by Pfleeger. Page 382.
• Node: usually a workstation or PC or a router (a device that routes network data).
• Links: end points of a communication link.
• Media: for transmission.
Next: Introduction to network security – who attacks networks?
Who attacks networks, what are their motives?
• Challenge.
  – Examples: Robert Morris; the Cult of the Dead Cow.
• Fame.
  – Examples: Kevin Mitnick.
• Money and Espionage.
• Organized Crime.
  – E.g., Shadowcrew (28 member gang).
• Ideology (from recent press clippings)
  – e.g., Hacktivism (Hackers anonymous on VISA/Mastercard due to fallout with Wikileaks), Cyberterrorism.
Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.
What makes networks vulnerable?
• Class exercise:
• what are some of the threats to networks that you are familiar with?
• what makes networks such a juicy target?
What makes networks vulnerable?
Here are some possible reasons:
• Anonymity.
• Many points of attack (targets and origins)
• Sharing.
• Complexity of the system.
• Lack of single ownership, control, understanding
• Unknown perimeter
• Unknown Path.
We will look at some of these issues in more detail…
Anonymity.
Attackers are harder to trace as they can hide behind several routers and proxies.
© Peter Steiner, The New Yorker, (July 5 1992). This cartoon is being used on this slide under the Fair Use clause of the U.S. Copyright Act only for classroom teaching.
Figure 7-11 Unclear Network Boundaries.
Complex networks may not have clear boundaries. E.g., Network C (which contains multiple computers) can be accessed from B, A and D. Part of Network C is accessible in D.
Another example of unclear boundaries
Radford’s network issue: can we reach a machine from off-campus without using VPN?
(Figure labels: ruacad.radford.edu, Cautela.radford.edu.)
• RU’s firewall forces everyone to use the CISCO VPN client from off-campus to access a machine on-campus.
• ruacad is a computer outside RU’s firewall. It can be used to reach most computers inside the campus.
• So an RU student can first log in to ruacad and then into any campus machine without going through the VPN.
Figure 7-12 Uncertain Message Routing in a Network.
If you want to control traffic from A to B, you cannot install the controller only on C or only on D.
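The two boundary problems above (a host outside the firewall that reaches campus machines, and traffic from A to B that can take more than one route) come down to the same check: is there any path that avoids every control point? The following is an added example, not material from the slides or the textbook; both topologies are constructed for illustration and the function names are hypothetical.

```python
from collections import deque

# Constructed topologies (assumptions, not the textbook figures).
ROUTING = [("A", "C"), ("A", "D"), ("C", "B"), ("D", "B")]
CAMPUS = [("off-campus", "vpn"), ("vpn", "campus-host"),
          ("off-campus", "ruacad"), ("ruacad", "campus-host")]


def build_graph(links):
    """Turn a list of undirected links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def uncontrolled_path(links, src, dst, controlled):
    """Return one src-to-dst path that avoids every controlled node, else None."""
    graph = build_graph(links)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:   # walk back to the source
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parent and nxt not in controlled:
                parent[nxt] = node
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print(uncontrolled_path(ROUTING, "A", "B", {"C"}))
    print(uncontrolled_path(ROUTING, "A", "B", {"C", "D"}))
    print(uncontrolled_path(CAMPUS, "off-campus", "campus-host", {"vpn"}))
```

A result of `None` means the chosen control points cover every route; any returned path is a route that the controls never see.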
Protocols: software that drives networks.
• Communication between computers requires very specific unambiguous rules called a protocol.
• A protocol is a set of rules that governs how two or more communicating parties are to interact.
Meaning of a protocol (simple example)
• E.g., consider this example (this is a protocol) and fill in the blanks:
  Me: Knock Knock…
  You: ______
  Me: Ya
  You: ______
How did you know what to fill in the blanks?
This is an example of a protocol.
© Anonymous. Unable to attribute.
Another example of a (non computer network related) protocol
• Example: A student wants to ask the instructor a question.
  – What steps does the student take to ask the question?
  – What steps does the instructor take to answer a question?
• Next: The world of protocols gets complicated…
A small task in a computer network can be quite complicated – multiple protocols for each task …
• Suppose we want to send an email from one computer to another. Let us look at a few tasks involved in a computer network.
(Figure labels: User, Desktops, Source; Network, Digital Transmission lines; User, Destination.)
1. Different types of network data, e.g., email is different from a web request or an IM.
2. Intermediate machines (which may be different from each other) to exchange the email.
3. Routing the data through the network: what if there are multiple routes? How to pick the best one?
4. Error checks – any errors during transmission?
5. Congestion control mechanisms: dealing with too much traffic.
6. Different types of transmission media: cable, wireless, bluetooth …
Decisions decisions…
How does a computer network deal with so many decisions? (Remember, all these decisions need to be made by software programs.)
(A) Give up and go back to using pigeons
(B) Develop interfaces, and modules that implement the interface. The interface (API) is called a "protocol".
Answer B.
Observations:
• Each decision in some ways is made by a protocol.
• Also, protocols need to work together to accomplish a task (e.g., sending an email).
• Some protocols deal with lower level details (e.g., wired or wi-fi? Paper or plastic?) and some deal with higher level details (e.g., HTTP or Email?, Error check or no error check?)
Examples of different computer network protocols and their levels.
Higher level details
1. Web-client speaks to the web-server using HTTP – hyper text transfer protocol.
2. SSH (Secure Shell protocol) is used to allow for secure remote connections.
3. SIP (Session Initiation Protocol) is used to make VoIP telephone calls.
Slightly lower level details (Transport/routing)
4. Transmission Control Protocol (TCP) (e.g., task error checking) – checks if network data reached its destination without errors. Retransmit if necessary.
5. IP (Internet Protocol) is used to find “good” route to transport the packet.
Lower level details
6. Medium Access protocol: Protocols that determine how to use and share a specific communication medium (e.g., medium: wired, wifi, bluetooth) when sending data.
  • to avoid collisions between data when the same communication media are being used to transmit different data items.
Layers, Services & Protocols
• Specifically, every network application (e.g. email client) runs certain specific services from protocols:
  – Transport: across a network from source to destination.
    • Deals with tasks such as error check and correction.
    • Identifying destination address.
  – Routing and forwarding: across multiple hops.
    • More short sighted….
  – Transferring raw data from one physical interface to another.
    • Least sighted
• These protocols are therefore organized into layers.
Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521
Protocols work with each other (Example).
• First some pre-requisite knowledge:
  – Domain names: When browsing the Internet, we use domain names – these are names given to a specific server or group of servers. E.g., www.radford.edu is the domain name associated with Radford’s web server.
  – IP addresses: Every computer on the Internet has a distinct address called IP address. It is a number that looks like this: 137.45.192.132
    • E.g., Open a command prompt on your Windows computer or a terminal on your Mac/Linux computer.
      – Type “nslookup www.radford.edu”.
      – You will notice that this is associated with an IP address.
        » What is it?
  – Port numbers: It is the number associated with each network program running on our computer.
    • E.g., Webservers are associated with port number 80; SSH server associated with port number 22.
  – To address a specific program on the Internet we use both an IP address and a port number. E.g.,
    • To reach Radford University's webserver, we use the domain name: www.radford.edu.
    • This in turn translates to an IP address such as 137.45.192.132 and port number 80.
    • We use the notation: 137.45.192.132:80 to represent this.
    • This is also called an internet address. Every computer on the internet has a unique internet address (with exceptions)
Protocols work with each other (Example).
• With the pre-requisite knowledge from the last slide
– Consider the simple task of browsing the Internet.
– We open a web-browser and type in a URL (e.g., www.nytimes.com).
– Let us see what protocols are involved.
Web Browsing Application
• Documents are prepared using HyperText Markup Language (HTML)
• A browser application program is used to access the web
• The browser displays HTML documents that include links to other documents
• Each link references a Uniform Resource Locator (URL) that gives the name of the machine and the location of the given document
• Let’s see what happens when a user clicks on a link
1. DNS
• User clicks on http://www.nytimes.com/
• URL contains Internet name of machine (www.nytimes.com), but not Internet address
• Internet needs Internet address to send information to a machine
• Browser software uses Domain Name System (DNS) protocol to send query for Internet address
• DNS system responds with Internet address
• TRY THIS: Open a command prompt on Windows and type: nslookup www.radford.edu. You just used the DNS protocol!
Q. www.nytimes.com?
A. 64.15.247.200
2. TCP
• Browser software uses HyperText Transfer Protocol (HTTP) to send request for document
• HTTP server waits for requests by listening to a well-known port number (80 for HTTP)
• HTTP client sends request messages through an “ephemeral port number,” e.g. 1127
• HTTP needs a Transmission Control Protocol (TCP) connection between the HTTP client and the HTTP server to transfer messages reliably
TCP Connection Request
  From: 128.100.11.13 Port 1127
  To: 64.15.247.200 Port 80
ACK, TCP Connection Request
  From: 64.15.247.200 Port 80
  To: 128.100.11.13 Port 1127
ACK
3. HTTP
• HTTP client sends its request message: “GET …”
• HTTP server sends a status response: “200 OK”
• HTTP server sends requested file
• Browser displays document
Clicking a link sets off a chain of events across the Internet that involves multiple protocols! (We did not cover some of the other protocols involved.)
GET / HTTP/1.1
200 OK
Content
Layers
• A set of related communication functions that can be managed and grouped together
• Application Layer: communications functions that are used by application programs
  – HTTP, DNS, SMTP (email)
• Transport Layer: end-to-end communications between two processes in two machines
  – TCP, User Datagram Protocol (UDP)
• Network Layer: node-to-node communications between two machines
  – Internet Protocol (IP)
Example: HTTP
• HTTP is an application layer protocol
• Retrieves documents on behalf of a browser application program
• HTTP specifies fields in request messages and response messages
  – Request types; Response codes
  – Content type, options, cookies, …
• HTTP specifies actions to be taken upon receipt of certain messages
HTTP Protocol
(Figure labels: HTTP Client, HTTP Server; GET, Response.)
• HTTP assumes messages can be exchanged directly between HTTP client and HTTP server
• In fact, HTTP client and server are processes running in two different machines across the Internet
• HTTP uses the reliable stream transfer service provided by TCP
Example: TCP
• TCP is a transport layer protocol
• Provides reliable transport service between two processes in two computers across the Internet. (Think of it as providing receipt-certification.)
• Sequence numbers keep track of the bytes that have been transmitted and received
• Error detection and retransmission used to recover from transmission errors and losses
• TCP is connection-oriented: the sender and receiver must first establish an association and set initial sequence numbers before data is transferred
• Connection ID is specified uniquely by (send port #, send IP address, receive port #, receiver IP address)
  E.g., if you browse the RU website from a computer with IP address of: 137.45.192.132 then, the connection is uniquely identified by: (1234, 137.45.192.132 ; 80, 137.207.232.204)
HTTP uses service of TCP
(Figure labels: HTTP client, Port 1127; HTTP server, Port 80; TCP at Source and Destination; segments “80, 1127 GET” and “1127, 80 bytes Response”.)
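The TCP and HTTP steps above, and the connection ID described on the TCP slide, can be observed on one machine. This is an added example, not material from the slides: it assumes the loopback address 127.0.0.1 in place of the Internet hosts, lets the operating system pick the server port in place of port 80, and skips the DNS step.

```python
import socket
import threading


def serve_once(listener):
    """Accept one TCP connection and answer one HTTP request."""
    conn, _peer = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:      # read until end of headers
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        body = b"<html>hello</html>"
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                     b"Connection: close\r\n\r\n%s" % (len(body), body))


def fetch_over_loopback():
    """Run the TCP + HTTP exchange locally; return (connection ID, status, raw reply)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))            # assumption: OS-chosen port stands in for 80
    listener.listen(1)
    server_addr = listener.getsockname()
    worker = threading.Thread(target=serve_once, args=(listener,))
    worker.start()
    # create_connection performs the TCP connection request / ACK exchange.
    with socket.create_connection(server_addr, timeout=5) as client:
        client_addr = client.getsockname()     # ephemeral port picked by the OS
        client.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
        response = b""
        while True:
            chunk = client.recv(1024)
            if not chunk:                      # server closed: reply complete
                break
            response += chunk
    worker.join()
    listener.close()
    status_line = response.split(b"\r\n", 1)[0].decode()
    # Same ordering as the slide: (send port, send IP, receive port, receive IP)
    connection_id = (client_addr[1], client_addr[0], server_addr[1], server_addr[0])
    return connection_id, status_line, response


if __name__ == "__main__":
    cid, status, _ = fetch_over_loopback()
    print("connection ID:", cid)
    print("status line:", status)
```

Running it twice gives a different client port each time, which is why firewall and log analysis keys on the full four-part connection ID rather than on the server port alone.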
Example: UDP
• UDP is a transport layer protocol
• Provides best-effort datagram service between two processes in two computers across the Internet
• Port numbers distinguish various processes in the same machine
• UDP is connectionless
• Datagram is sent immediately
• Quick, simple, but not reliable
Example: DNS Protocol
• DNS protocol is an application layer protocol
• DNS is a distributed database that resides in multiple machines in the Internet
• DNS protocol allows queries of different types
  – Name-to-address or Address-to-name
• DNS usually involves short messages and so uses service provided by UDP
• Well-known port 53
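To see how short a DNS message is, the following added example (not from the slides) builds the two query types named above as raw bytes and parses them back, without sending anything on the network. The function names and the fixed query ID are assumptions for illustration; the hostname and address are the ones used earlier in the slides.

```python
import struct

QTYPE = {"A": 1, "PTR": 12}   # A: name-to-address, PTR: address-to-name


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def reverse_name(ipv4):
    """Address-to-name queries ask for the reversed octets under in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"


def build_query(name, qtype, query_id):
    """Build a one-question DNS query (12-byte header + question section)."""
    # Header: ID, flags (0x0100 = recursion desired), 1 question, 0 other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN
    return header + question


def parse_query(message):
    """Decode the ID, name and type from a query built by build_query."""
    query_id, _flags, _qdcount = struct.unpack("!HHH", message[:6])
    labels, pos = [], 12
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return {"id": query_id, "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    # Constructed query ID; a real resolver picks an unpredictable one per query.
    forward = build_query("www.radford.edu", "A", 0x1234)
    reverse = build_query(reverse_name("137.45.192.132"), "PTR", 0x1235)
    print(len(forward), parse_query(forward))
    print(len(reverse), parse_query(reverse))
```

Both messages are a few dozen bytes, far below the 512-byte limit of a classic DNS message over UDP, so each fits in a single datagram sent to port 53.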
Summary
• Layers: related communications functions
  – Application Layer: HTTP, DNS, SMTP, World of Warcraft, …
  – Transport Layer: TCP, UDP
  – Network Layer: IP
• Services: a protocol provides a communications service to the layer above
  – TCP provides connection-oriented reliable byte transfer service
  – UDP provides best-effort datagram service
• Each layer builds on services of lower layers
  – HTTP builds on top of TCP
  – DNS builds on top of UDP
  – TCP and UDP build on top of IP