
Network Security and Management



  1. Network Security and Management CS682 – Sessions 3 and 4 Prof. Katz

  2. Public-Key Cryptography
  • Concept published by Diffie and Hellman in 1976
  • Two keys are used: one for encrypting, the other for decrypting
  • Usually also supports digital signatures

  3. Diffie – Hellman concepts (requirements for a public-key system)
  • It is easy for party B to generate a public and private key pair
  • It is easy for sender A, knowing B’s public key and a message M, to generate the corresponding ciphertext
  • It is easy for B, knowing his private key and the ciphertext, to recover the plaintext
  • It is computationally infeasible for an opponent knowing B’s public key and the ciphertext to recover the plaintext
  • It is computationally infeasible for an opponent knowing B’s public key and the ciphertext to compute the private key

  4. Network Protocols

  5. A history of IP
  • Originally designed under DoD (ARPA) funding for military purposes
  • Used to build the ARPANET
  • ARPANET later evolved into the Internet, at first for research and educational purposes
  • More recently used mainly for commercial purposes

  6. IP Header

  7. User Datagram Protocol (UDP)
  • A simple, connectionless layer 4 protocol for data that does not need reliable delivery
  • No reliability, no confirmation of delivery, no ordering of datagrams!
  • Very light protocol (8-byte header) which sits directly on top of the IP layer
  • Used by a number of upper-layer protocols (ULPs) including DNS, DHCP and BOOTP

  8. Port numbers
  • UDP (like TCP) uses port numbers as a layer 4 address.
  • Ports indicate which layer 7 service should receive the datagram and which produced it.
  • When a server program starts it “binds” to the port it will use for communication (usually <1024; on Unix systems binding such a port requires root). UDP then knows that data received for that port should be delivered to that program.

  9. Ports (cont.)
  • When a client program begins communication it can either request a specific port or use an unused port assigned by the OS (an ephemeral port).
  • Server ports are static (well known); client ports are usually dynamic.

  10. Common UDP port numbers
  • 53 – DNS
  • 67 – BOOTP/DHCP server
  • 68 – BOOTP/DHCP client
  • 69 – Trivial FTP (TFTP)

  11. UDP Header

  12. Header Values
  • Source port – the port on the source host which generated this datagram
  • Destination port – the port on the destination host which should receive this datagram
  • Length – the length of the header plus data, in bytes (minimum 8)
  • Checksum – covered on the next two slides

  13. UDP Checksum
  • The UDP checksum is calculated across the UDP header and the data.
  • The checksum is the one’s complement of the 16-bit one’s-complement sum of the words in the header and data (the checksum field itself is treated as zero while computing it; odd-length data is padded with a zero byte).
  • Additionally a “pseudo-header” is included in the sum: the 32-bit source and destination IP addresses, a zero byte, the 8-bit protocol field (17 for UDP) and the UDP length.
  • Over IPv4 the checksum is optional: a transmitted value of zero means “no checksum”, so a computed result of zero is sent as all ones instead.

  14. UDP Checksum
  • On the receiving end all 16-bit words, including the pseudo-header and the received checksum field, are added with one’s-complement arithmetic; the result should be all ones (0xFFFF).
  • If the result is not all ones then an error has occurred and the datagram is silently discarded. UDP does not tell the sender, so the application has to cope with the loss.
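The checksum procedure on slides 13 and 14, carried through in code. This is an added example written for this page, not code from the lecture; the IP addresses and payload are made up for the test, and the pseudo-header layout follows RFC 768.

```python
import socket
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data, zero-padded to an even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """RFC 768 pseudo-header: source address, destination address, zero, protocol, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def udp_checksum(src_ip: str, dst_ip: str, header_and_data: bytes) -> int:
    """Value to place in the UDP header; the header's own checksum field must be zero on input."""
    covered = pseudo_header(src_ip, dst_ip, len(header_and_data)) + header_and_data
    csum = 0xFFFF - ones_complement_sum(covered)          # one's complement of the sum
    return csum or 0xFFFF          # 0 on the wire means "no checksum", so send all ones instead


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Serialize a UDP datagram (header + payload) with a valid checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """Receiver side: add everything including the received checksum; valid iff the result is all ones."""
    if len(datagram) < 8:
        return False
    _sport, _dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if csum == 0:
        return True                         # IPv4 sender chose not to checksum (not permitted in IPv6)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram)
    return total == 0xFFFF


if __name__ == "__main__":
    # constructed sample: a 5-byte query from 192.0.2.1 to port 53 on 192.0.2.2
    dg = build_udp("192.0.2.1", "192.0.2.2", 40000, 53, b"hello")
    print(dg.hex(), verify_udp("192.0.2.1", "192.0.2.2", dg))
```

Because the pseudo-header is covered, a datagram whose IP destination was rewritten in transit fails the check even though the UDP bytes themselves are intact; the test below exercises that case as well as a flipped payload bit and the "checksum disabled" zero value.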

  15. Transmission Control Protocol (TCP)
  • Provides a connection-oriented layer 4 service
  • Provides reliable delivery: lost or corrupted segments are retransmitted
  • Provides in-order delivery of the byte stream through sequence numbers

  16. TCP Header

  17. TCP Header (cont.)
  • Source and destination ports – which application produced the segment and which should receive it
  • Sequence number – the position of the first data byte of this segment relative to the start of the byte stream (an offset from the initial sequence number chosen at connection setup)
  • Acknowledgement number – the sequence number of the next byte which the receiving station expects; everything before it has been received

  18. TCP Header (cont.) – flag bits
  • URG – Urgent: the urgent pointer field is significant
  • ACK – Acknowledgement number is valid
  • PSH – Push: deliver the data to the application without waiting to fill a buffer
  • RST – Reset the connection
  • SYN – Synchronize sequence numbers (connection establishment)
  • FIN – Final segment: the sender has no more data

  19. TCP Connection Establishment (three-way handshake)
  • Client sends SYN carrying its initial sequence number (ISN)
  • Server replies with SYN-ACK: its own ISN, acknowledging the client’s ISN + 1
  • Client replies with ACK acknowledging the server’s ISN + 1; both sides are now ESTABLISHED

  20. TCP Connection maintenance
  • The sequence number advances by the number of data bytes sent (SYN and FIN each consume one sequence number), not by one per packet
  • A sender may not have more unacknowledged data outstanding than the receiver’s advertised window size; once the window is full it must wait for an acknowledgement before sending more
  • An acknowledgement carries the sequence number of the next byte the receiver expects, so one ACK covers everything before it
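A simulation of slides 19 and 20 with both endpoints in one process: the three-way handshake, sequence and acknowledgement arithmetic, the window limit, and what happens when an old segment is retransmitted. This is an added example and not code from the lecture; the initial sequence numbers (1000 and 5000) and the 4-byte window are chosen for illustration, real stacks randomise ISNs and use windows of tens of kilobytes.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    seq: int
    ack: int
    flags: frozenset
    data: bytes = b""

    def seq_len(self) -> int:
        """Sequence space consumed: each data byte, plus one for SYN and one for FIN."""
        return len(self.data) + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    name: str
    isn: int                 # initial sequence number (randomised in real stacks)
    window: int              # receive window we advertise, in bytes
    state: str = "CLOSED"
    snd_una: int = 0         # oldest byte sent but not yet acknowledged
    snd_nxt: int = 0         # next sequence number we will use
    rcv_nxt: int = 0         # next sequence number we expect from the peer
    received: bytes = b""

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        self.state = "SYN_SENT"
        self.snd_una = self.snd_nxt = self.isn
        syn = Segment(self.snd_nxt, 0, frozenset({"SYN"}))
        self.snd_nxt += syn.seq_len()
        return syn

    def send_data(self, data: bytes, peer_window: int) -> Optional[Segment]:
        """Send only if unacknowledged bytes plus this chunk fit in the peer's window."""
        if self.state != "ESTABLISHED" or self.snd_nxt - self.snd_una + len(data) > peer_window:
            return None
        seg = Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}), data)
        self.snd_nxt += seg.seq_len()
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one incoming segment and return the reply to send, if any."""
        if "ACK" in seg.flags:
            if not self.snd_una <= seg.ack <= self.snd_nxt:
                return None                      # acknowledges data we never sent: drop it
            self.snd_una = seg.ack
        if self.state == "LISTEN" and "SYN" in seg.flags:
            self.state = "SYN_RCVD"
            self.rcv_nxt = seg.seq + seg.seq_len()          # the SYN consumed one number
            self.snd_una = self.snd_nxt = self.isn
            synack = Segment(self.snd_nxt, self.rcv_nxt, frozenset({"SYN", "ACK"}))
            self.snd_nxt += synack.seq_len()
            return synack
        if self.state == "SYN_SENT" and {"SYN", "ACK"} <= seg.flags:
            self.state = "ESTABLISHED"
            self.rcv_nxt = seg.seq + seg.seq_len()
            return Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
        if self.state == "SYN_RCVD" and "ACK" in seg.flags:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED":
            if seg.seq != self.rcv_nxt:          # duplicate or out of order: re-ack what we have
                return Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
            self.received += seg.data
            self.rcv_nxt += seg.seq_len()
            if seg.seq_len():
                return Segment(self.snd_nxt, self.rcv_nxt, frozenset({"ACK"}))
        return None


def run_demo() -> dict:
    """Handshake, then push 5 bytes through a 4-byte window; record what each side sees."""
    client = Endpoint("client", isn=1000, window=4)
    server = Endpoint("server", isn=5000, window=4)
    server.listen()
    syn = client.connect()                             # SYN  seq=1000
    synack = server.receive(syn)                       # SYN-ACK seq=5000 ack=1001
    ack = client.receive(synack)                       # ACK  seq=1001 ack=5001
    server.receive(ack)
    seg1 = client.send_data(b"abc", server.window)     # seq=1001, 3 bytes outstanding
    ack1 = server.receive(seg1)                        # ack=1004
    blocked = client.send_data(b"de", server.window)   # 3 unacked + 2 > window: must wait
    client.receive(ack1)                               # window reopens
    seg2 = client.send_data(b"de", server.window)      # seq=1004
    ack2 = server.receive(seg2)                        # ack=1006
    client.receive(ack2)
    dup_ack = server.receive(seg1)                     # retransmitted old data is re-acked, not re-delivered
    return {"syn": syn, "synack": synack, "ack": ack, "states": (client.state, server.state),
            "seg1": seg1, "ack1": ack1, "blocked": blocked, "seg2": seg2, "ack2": ack2,
            "dup_ack": dup_ack, "received": server.received, "client_snd_una": client.snd_una}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The `blocked` step is the window rule from slide 20 in action: with three bytes unacknowledged and a four-byte window, the client cannot send two more until the server's ACK for byte 1004 arrives. The final retransmission shows why the ACK number is a cumulative "next expected byte" rather than a per-packet receipt.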

  21. TCP State Diagram

  22. Fundamentals of network security
  • To employ good network security you must know everything about the network: every host, every protocol in use, every open port!
  • We will forfeit some usability for security.
  • If your recommendations are not followed, document that you made them – CYA!

  23. Common Network Protocols
  • HTTP – Used for traffic on the World Wide Web, usually TCP port 80
  • FTP – Used to transmit binary and ASCII data files; control connections on TCP port 21, data connections on port 20 (active mode) or a dynamic port
  • Telnet – Used to obtain a shell on a remote system, usually TCP port 23
  • POP3 – Used by clients to retrieve email from mail servers, usually TCP port 110
  • SMTP – Used to transfer mail between domains/servers, usually TCP port 25
  • DNS – Used to resolve names, UDP port 53 (TCP port 53 for large responses and zone transfers)

  24. Request for Comments
  • Maintained by the Internet Engineering Task Force (www.ietf.org) and published by the RFC Editor
  • Protocol designers publish documents and release them to the Internet community for comment and implementation
  • RFCs are accepted today as the rules for implementing protocols (those on the standards track; many RFCs are informational or experimental)

  25. HyperText Transfer Protocol
  • Version 1.1 was first defined in RFC 2068 (1997); it has since been revised by RFC 2616 and later RFC 7230–7235 / 9110–9112
  • No banner on connection establishment: the client speaks first
  • Client sends the request line and all headers, each terminated by CRLF (‘\r\n’), followed by an empty line; the empty line is what marks the end of the headers, and a bare ‘\n’ is not a correct terminator

  26. URI Specifications
  • Uniform Resource Identifier
  • Used to indicate resources available on a network
  • <scheme>://<authority><path>?<query>[#<fragment>] (the fragment is used by the client and is not sent to the server)
  • E.g. http://search.microsoft.com/search.asp?find=MS

  27. HTTP OPTIONS
  • Asks the server which methods and options it supports for a resource, or for the server as a whole when the request target is ‘*’; the answer comes back in the Allow header
  • Useful in reconnaissance: it reveals methods such as PUT, DELETE or TRACE that the server will accept

  28. HTTP GET
  • Request for one resource (a file or the output of a script); any parameters travel in the query string of the URL and therefore show up in logs and caches

  29. HTTP HEAD
  • Returns only the headers which a GET request for the same resource would produce, without the body
  • Useful for determining whether a document has changed and should be downloaded again or served from cache

  30. HTTP POST
  • Used to send data in the body of the request rather than in the URL; anything beyond a few hundred bytes does not belong in a query string
  • Can be used for large forms or for uploading files

  31. HTTP PUT
  • Same concept as POST, but the body is stored at the request URI, so it is used for uploading files
  • A server that accepts PUT from unauthenticated users lets anyone write content to it; disable it unless uploads are intended

  32. Security Problems with HTTP
  • Buffer overflows are common in both servers and clients
  • Non-anonymous users (HTTP Basic authentication) send their username/password as a base64 encoding, which is encoding, not encryption: anyone who sees the request can decode it
  • Excessive client data transmitted (User-Agent, Referer, cookies)
  • Snooping possible when uploading data, since plain HTTP is cleartext
  • Cookies: a session cookie sent in the clear can be captured and replayed by an eavesdropper
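The request framing from slide 25 together with the Basic-authentication point from slide 32: a builder that emits a correctly CRLF-framed HTTP/1.1 request, a parser that reads it back the way a server (or a sniffer) would, and a function that recovers the credentials from the base64 Authorization header. This is an added example, not code from the lecture; the host name, path and the alice/s3cret credentials are constructed for the test.

```python
import base64
from typing import Dict, Optional, Tuple


def build_request(method: str, path: str, host: str, headers: Optional[Dict[str, str]] = None,
                  body: bytes = b"", auth: Optional[Tuple[str, str]] = None) -> bytes:
    """Serialize an HTTP/1.1 request: request line, headers, empty line, body; every line ends in CRLF."""
    hdrs = {"Host": host, **(headers or {})}
    if auth:
        user, password = auth
        token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
        hdrs["Authorization"] = "Basic " + token          # base64, not encryption
    if body:
        hdrs["Content-Length"] = str(len(body))
    lines = [f"{method} {path} HTTP/1.1"] + [f"{name}: {value}" for name, value in hdrs.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_request(raw: bytes) -> dict:
    """Parse one request from a byte stream; the header block ends at the first empty CRLF line."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block: no empty line terminating the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()     # header names are case-insensitive
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise ValueError("incomplete body: %d of %d bytes" % (len(rest), length))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:length], "remaining": rest[length:]}


def sniff_basic_credentials(raw: bytes) -> Optional[Tuple[str, str]]:
    """What a passive observer of cleartext HTTP recovers from a Basic-auth request."""
    request = parse_request(raw)
    scheme, _, token = request["headers"].get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


if __name__ == "__main__":
    # constructed sample request: a form post with Basic credentials over plain HTTP
    raw = build_request("POST", "/login", "www.example.com",
                        headers={"Content-Type": "application/x-www-form-urlencoded"},
                        body=b"q=1", auth=("alice", "s3cret"))
    print(raw.decode("ascii"))
    print(sniff_basic_credentials(raw))
```

The parser also shows why slide 25's framing matters: a request whose lines end in a bare `\n` never produces the `\r\n\r\n` separator, so a strict server cannot find the end of the headers.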

  33. FTP
  • Defined in RFC 959
  • FTP control connections are established on TCP port 21
  • The client sends USER followed by a username and CRLF, then PASS followed by the password and CRLF

  34. FTP Standard (active) Data Connections
  • The client sets up a listener on a port of its own and tells the server the address and port with the PORT h1,h2,h3,h4,p1,p2 command (port = p1×256 + p2); the server connects from its port 20 to that port and “dumps” the file.

  35. FTP PASV Data Connections
  • User indicates that passive mode data transfer should occur by sending PASV
  • Server creates a listener and replies “227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)”
  • User selects the file to transfer (RETR or STOR) and connects to the server’s listener; once the connection is established, the server “dumps” the file

  36. Security Problems with FTP
  • Buffer overflows
  • Security credentials are sent in cleartext
  • Opens dynamic ports which firewalls must allow through; in active mode the server connects back into the client’s network, and a PORT command can point the server at a third host (“FTP bounce”)
  • Data is sent in cleartext
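The address arithmetic behind slides 34 and 35 (PORT and the 227 reply), plus the checks a server and a client should make before opening the data connection slide 36 warns about. This is an added example, not code from the lecture or from any FTP implementation; the addresses and ports are constructed for the test, and the checks follow the common practice of refusing a data address that differs from the control connection's peer.

```python
import re
from typing import Tuple

_SIX_NUMBERS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def port_argument(ip: str, port: int) -> str:
    """Encode the client's listener address for the PORT command as h1,h2,h3,h4,p1,p2."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    if not 0 < port < 65536:
        raise ValueError("bad port: %r" % port)
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_address(text: str) -> Tuple[str, int]:
    """Decode h1,h2,h3,h4,p1,p2 (a PORT argument or the body of a 227 reply) to (ip, port)."""
    match = _SIX_NUMBERS.search(text)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 in %r" % text)
    nums = [int(x) for x in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """'227 Entering Passive Mode (192,0,2,10,195,89)' -> ('192.0.2.10', 50009)."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    return decode_address(reply)


def accept_port_command(control_peer_ip: str, arg: str) -> bool:
    """Server side: honour PORT only for the control connection's own peer on an unprivileged port.
    Otherwise the client can use the server to open connections to arbitrary hosts/ports (FTP bounce)."""
    try:
        ip, port = decode_address(arg)
    except ValueError:
        return False
    return ip == control_peer_ip and port >= 1024


def accept_pasv_reply(control_server_ip: str, reply: str) -> bool:
    """Client side: only connect back to the server we are already talking to."""
    try:
        ip, port = parse_pasv_reply(reply)
    except ValueError:
        return False
    return ip == control_server_ip and port >= 1024


def data_connection_direction(mode: str, client_ip: str, server_ip: str, data_port: int) -> dict:
    """Who opens the data connection, and to where: the flow a packet filter has to permit."""
    if mode == "active":    # server connects from port 20 to the client's listener
        return {"from": (server_ip, 20), "to": (client_ip, data_port)}
    if mode == "passive":   # client connects from an ephemeral port to the server's listener
        return {"from": (client_ip, "ephemeral"), "to": (server_ip, data_port)}
    raise ValueError("mode must be 'active' or 'passive'")


if __name__ == "__main__":
    print(port_argument("192.0.2.7", 50009))
    print(parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,89)"))
    print(accept_port_command("192.0.2.7", "198,51,100,5,0,25"))   # bounce attempt: False
```

`data_connection_direction` makes the firewall problem concrete: in active mode the server initiates an inbound connection to the client, so a filter in front of the client must either track the PORT exchange or open the ephemeral range; in passive mode the same burden moves to the filter in front of the server.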

  37. Telnet
  • User connects to the server port; the server displays a welcome banner (usually the contents of /etc/issue.net) and then requests a login
  • Client responds to the server’s login prompt with a valid username and password
  • A shell is started with its STDIN, STDOUT and STDERR mapped to the client’s terminal

  38. Security Problems with Telnet
  • All data (including the username/password) is sent in cleartext
  • Buffer overflows in the daemon, and attacks that yield a root shell, are possible

  39. Post Office Protocol version 3
  • Defined in RFC 1725 (since obsoleted by RFC 1939)
  • Used to download mail from a server for local reading when direct file access to the mailbox is not available or advisable
  • Very popular on the Internet, almost the prime way end users fetch email

  40. Operation of POP3
  • User establishes a connection to the server port (usually 110/tcp)
  • Server greets the user with “+OK”
  • User issues the USER command with a username
  • Server normally responds “+OK” (many servers say +OK for any name and only fail at PASS, so as not to reveal which usernames exist)
  • User issues the PASS command with the password
  • Server attempts to authenticate the user
  • If successful “+OK” is returned and the session enters the TRANSACTION state; otherwise “-ERR”

  41. Transaction state commands
  • STAT – see the total number of messages and bytes in the mailbox
  • UIDL [msg] – obtain the Unique ID Listing for one message or for all messages in the mailbox
  • RETR msg – retrieve one message
  • DELE msg – mark one message for deletion
  • LIST [msg] – show the size of one message or of all messages
  • RSET – unmark all messages marked for deletion
  • TOP msg n – return the headers and the first n lines of the body of message msg
  • QUIT – enter the UPDATE state: marked messages are removed and the connection is closed

  42. Normal POP3 session

  43. Implementing POP3
  • When the user is authenticated, lock the mailbox (so no other process modifies it during the session), open it and parse the messages in it into memory
  • Read in each command and respond appropriately; DELE only marks a message
  • When QUIT is received, remove the marked messages and copy the contents of memory back to the mailbox, then release the lock
  • If the connection drops without QUIT, discard the deletion marks and leave the mailbox unchanged

  44. Problems with POP3
  • Authentication information is sent in cleartext (although POP3 supports APOP, an MD5 challenge-response, it is not commonly used, and MD5 is no longer considered strong)
  • Messages are sent in cleartext
  • Buffer overflows
  • Root-level attacks, since the daemon runs as root to read users’ mailboxes
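The TRANSACTION-state logic of slides 41 and 43 as an in-memory POP3 session handler, including the rule that DELE only marks and QUIT applies the marks, plus the APOP digest mentioned on slide 44. This is an added example written for this page, not code from the lecture or from any POP3 server; the two messages are constructed for the test, and using a content hash as the UIDL identifier is an assumption made here for simplicity (real servers use a persistent per-message id).

```python
import hashlib
import hmac
from typing import Iterable, List


class Pop3Session:
    """TRANSACTION state of one POP3 session over an in-memory mailbox.
    DELE only marks a message; marks are applied when QUIT moves to the UPDATE state,
    and are thrown away if the session ends without QUIT."""

    def __init__(self, messages: Iterable[str]):
        self.messages = list(messages)   # CRLF line endings, headers and body separated by a blank line
        self.deleted = set()
        self.closed = False

    def _live(self) -> List[int]:
        return [i for i in range(1, len(self.messages) + 1) if i not in self.deleted]

    def _msg(self, arg: str) -> int:
        try:
            n = int(arg)
        except ValueError:
            raise ValueError("message number required")
        if n not in self._live():
            raise ValueError("no such message")
        return n

    def _uid(self, n: int) -> str:
        # assumption for this example: a content hash stands in for a persistent unique id
        return hashlib.sha1(self.messages[n - 1].encode("utf-8")).hexdigest()[:16]

    @staticmethod
    def _multiline(first: str, lines: Iterable[str]) -> str:
        # byte-stuff lines beginning with '.', then terminate with a line holding only '.'
        return "\r\n".join([first] + [("." + l if l.startswith(".") else l) for l in lines] + ["."])

    def handle(self, line: str) -> str:
        if self.closed:
            return "-ERR session closed"
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        try:
            if cmd == "STAT":
                live = self._live()
                return "+OK %d %d" % (len(live), sum(len(self.messages[i - 1]) for i in live))
            if cmd == "LIST":
                if arg:
                    n = self._msg(arg)
                    return "+OK %d %d" % (n, len(self.messages[n - 1]))
                return self._multiline("+OK", ["%d %d" % (i, len(self.messages[i - 1])) for i in self._live()])
            if cmd == "UIDL":
                if arg:
                    n = self._msg(arg)
                    return "+OK %d %s" % (n, self._uid(n))
                return self._multiline("+OK", ["%d %s" % (i, self._uid(i)) for i in self._live()])
            if cmd == "RETR":
                n = self._msg(arg)
                text = self.messages[n - 1]
                return self._multiline("+OK %d octets" % len(text), text.split("\r\n"))
            if cmd == "TOP":
                num, _, count = arg.partition(" ")
                n = self._msg(num)
                header, _, body = self.messages[n - 1].partition("\r\n\r\n")
                return self._multiline("+OK", header.split("\r\n") + [""] + body.split("\r\n")[:int(count)])
            if cmd == "DELE":
                self.deleted.add(self._msg(arg))
                return "+OK message marked for deletion"
            if cmd == "RSET":
                self.deleted.clear()
                return "+OK"
            if cmd == "NOOP":
                return "+OK"
            if cmd == "QUIT":                     # UPDATE state: apply the marks, then close
                self.messages = [m for i, m in enumerate(self.messages, 1) if i not in self.deleted]
                self.deleted.clear()
                self.closed = True
                return "+OK bye"
            return "-ERR unknown command"
        except ValueError as err:
            return "-ERR %s" % err


def apop_digest(timestamp: str, password: str) -> str:
    """APOP (RFC 1939): MD5 over the server greeting's timestamp followed by the shared secret."""
    return hashlib.md5((timestamp + password).encode("utf-8")).hexdigest()


def verify_apop(timestamp: str, password: str, digest: str) -> bool:
    """Server-side check of the client's APOP digest, compared in constant time."""
    return hmac.compare_digest(apop_digest(timestamp, password), digest.lower())


if __name__ == "__main__":
    session = Pop3Session(["Subject: a\r\n\r\nbody one", "Subject: b\r\n\r\nline1\r\nline2"])
    for command in ["STAT", "LIST", "TOP 2 1", "DELE 1", "STAT", "RSET", "STAT", "QUIT"]:
        print(command, "->", session.handle(command).replace("\r\n", " | "))
```

APOP avoids the cleartext password but still needs the server to hold the password itself (the digest is over the timestamp and the secret), so a compromised server leaks every user's password; that, and MD5's age, is why the slide notes it is rarely used.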

  45. Simple Mail Transfer Protocol
  • Defined in RFC 821 (since obsoleted by RFC 2821 and RFC 5321)
  • Used for transmitting mail between servers and domains
  • THE definitive solution for inter-domain mail transfer on the Internet

  46. Operation of SMTP
  • Remote server connects to the local machine (port 25); the local machine greets it with a 220 banner
  • Remote machine introduces itself
  • Remote machine indicates who the message is from
  • Remote machine indicates one or more recipients
  • Remote machine transmits the data of the message

  47. Commands
  • HELO or EHLO – command for the remote machine to introduce itself to the local machine (EHLO asks for the list of extensions the server supports)
  • MAIL FROM:<w@x> – indicates the sender (envelope return path) of the message
  • RCPT TO:<y@z> – indicates a recipient of the message; repeated once per recipient
  • DATA – indicates the start of the data transfer; the message is concluded with a line containing only a period (the CRLF.CRLF string), so message lines that begin with a period are sent with an extra leading period

  48. Problems with SMTP
  • Buffer overflows are common
  • Messages are sent in cleartext (by default)
  • The HELO name and the MAIL FROM address are asserted by the client and not verified, so sender addresses are trivially forged

  49. Normal SMTP session
  duke% telnet login.dataixl.com 25
  Trying 64.2.85.40...
  Connected to unix.dataixl.com.
  Escape character is '^]'.
  220 unix.dataixl.com ESMTP Sendmail 8.11.0/8.11.0; Wed, 14 Feb 2001 16:42:33 -0500
  HELO duke.poly.edu
  250 unix.dataixl.com Hello dkatz@duke.poly.edu [128.238.2.92], pleased to meet you
  MAIL FROM:<dkatz@duke.poly.edu>
  250 2.1.0 <dkatz@duke.poly.edu>... Sender ok
  RCPT TO:<dkatz@dataixl.com>
  250 2.1.5 <dkatz@dataixl.com>... Recipient ok
  RCPT TO:<root@dataixl.com>
  250 2.1.5 <root@dataixl.com>... Recipient ok
  DATA
  354 Enter mail, end with "." on a line by itself
  Subject: Hello
  This is just a hello message
  .
  250 2.0.0 f1ELgoO22093 Message accepted for delivery
  QUIT
  221 2.0.0 unix.dataixl.com closing connection
  Connection closed by foreign host.
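The two mechanical parts of the session above that a client or server must get right: preparing and reading the DATA payload with its period-stuffing and CRLF.CRLF terminator (slide 47), and parsing the numbered replies, including the multi-line form an EHLO produces. This is an added example written for this page, not code from the lecture or from Sendmail; the message text and the multi-line reply are constructed for the test, the host and addresses are taken from the session above.

```python
from typing import List, Tuple


def dot_stuff(message: str) -> bytes:
    """Client side: normalise line endings to CRLF, double a leading '.', end with CRLF.CRLF."""
    lines = message.replace("\r\n", "\n").split("\n")
    stuffed = [("." + line) if line.startswith(".") else line for line in lines]
    return ("\r\n".join(stuffed) + "\r\n.\r\n").encode("utf-8")


def dot_unstuff(payload: bytes) -> str:
    """Server side: read lines until one holding a single '.', stripping the stuffed leading dot."""
    body: List[str] = []
    for line in payload.decode("utf-8").split("\r\n"):
        if line == ".":
            return "\r\n".join(body)
        body.append(line[1:] if line.startswith(".") else line)
    raise ValueError("DATA not terminated with CRLF.CRLF")


def parse_reply(raw: bytes) -> Tuple[int, List[str]]:
    """Parse one SMTP reply: '250-text' lines continue it, '250 text' (or a bare '250') ends it."""
    code, texts = None, []
    for line in raw.decode("utf-8").split("\r\n"):
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed reply line: %r" % line)
        this_code = int(line[:3])
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changed mid-reply")
        texts.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return code, texts
    raise ValueError("reply not terminated")


def envelope_commands(helo_name: str, sender: str, recipients: List[str]) -> List[Tuple[str, int]]:
    """The command sequence of the session above, paired with the reply class each step needs
    before the client may continue: 2 = accepted, 3 = 'send the message now'."""
    commands = [("HELO %s" % helo_name, 2), ("MAIL FROM:<%s>" % sender, 2)]
    commands += [("RCPT TO:<%s>" % r, 2) for r in recipients]
    commands.append(("DATA", 3))
    return commands


def reply_allows_continue(raw: bytes, expected_class: int) -> bool:
    """True if the reply's first digit matches the class the current step requires."""
    code, _ = parse_reply(raw)
    return code // 100 == expected_class


if __name__ == "__main__":
    # constructed message with a line that starts with a period, to show the stuffing
    message = "Subject: Hello\n\n.this line starts with a dot\nThis is just a hello message"
    payload = dot_stuff(message)
    print(payload)
    print(dot_unstuff(payload) == message.replace("\n", "\r\n"))
    for command, needed in envelope_commands("duke.poly.edu", "dkatz@duke.poly.edu",
                                             ["dkatz@dataixl.com", "root@dataixl.com"]):
        print(command, "-> expect", needed, "xx")
```

Note that `dot_unstuff` relies only on the terminator line: a client that forgets the stuffing and sends a message containing a lone "." line would have its message truncated at that point, and a server that stops reading before the terminator would treat the rest of the message as commands.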
