Network Security and Management
CS682 – Sessions 3 and 4
Prof. Katz

Public-Key Cryptography
• Concept created by Diffie and Hellman in 1976
• Two keys are used, one for encryption, the other for decryption
• Also usually supports digital signatures

Diffie-Hellman concepts
• It is easy for party B to generate a public and private key
• It is easy for sender A, knowing B's public key and message M, to generate the corresponding ciphertext
• It is easy for B, knowing his private key and the ciphertext, to compute the plaintext
• It is computationally infeasible for an opponent knowing B's public key and the ciphertext to compute the plaintext
• It is computationally infeasible for an opponent knowing B's public key and the ciphertext to compute the private key
A history of IP
• Originally designed by the DoD for military purposes
• Used to create the ARPANET
• The ARPANET later evolved into the Internet for educational purposes
• More recently it has been used mainly for commercial purposes

User Datagram Protocol (UDP)
• A simple, connectionless layer 4 protocol for the transmission of non-critical data
• No reliability, no confirmation of delivery, no ordering of packets!
• Very light protocol which sits on top of the IP layer
• Used by a number of upper-layer protocols (ULPs) including DNS, DHCP and BOOTP

Port numbers
• UDP introduces the concept of port numbers as a layer 4 address
• Ports are used to indicate which layer 7 service should receive the packet and which one produced it
• When a server program starts it "binds" to the port it will use for communication (usually <1024); UDP then knows that data received for that port should be delivered to that program

Ports (cont.)
• When a client begins communication it can either request a specific port or use a unique port provided by the OS
• Server ports are static, client ports may be dynamic

Common UDP port numbers
• 67 – BOOTP server
• 68 – BOOTP client
• 69 – Trivial FTP (TFTP)

Header Values
• Source port – the port on the source host which generated this message
• Destination port – the port on the destination host which should receive this message
• Length – the length of the header and data

UDP Checksum
• The UDP checksum is calculated across the data and the header
• The checksum is the one's complement of the 16-bit one's-complement sum of the words in the header and data
• Additionally the 32-bit source and destination IP addresses, the 8-bit protocol field and the UDP length (the pseudo-header) are included in the sum

UDP Checksum
• On the receiving end all words, including the transmitted checksum, are added and the result should be all ones
• If the result is not all ones then an error has occurred
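As an added example (not part of the slides), the sender-side checksum over the pseudo-header and the receiver-side "all ones" check described above, in Python; the addresses, ports and payload are constructed sample values and the function names are my own.

```python
# Added example: UDP checksum with the IPv4 pseudo-header (RFC 768), showing
# the sender-side computation and the receiver-side "all ones" verification.
# Addresses, ports and payload used below are constructed sample values.
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data (an odd trailing byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    """32-bit source and destination addresses, zero byte, 8-bit protocol (17), UDP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Sender side: complement of the sum over pseudo-header + header (checksum field 0) + data."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return csum or 0xFFFF                   # a computed 0 is transmitted as all ones

def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a UDP segment: source port, destination port, length, checksum, data."""
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + payload

def verify_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Receiver side: summing every word, transmitted checksum included, must give all ones."""
    length = int.from_bytes(segment[4:6], "big")
    if length != len(segment) or length < 8:
        return False                        # the length field must describe the bytes we hold
    if int.from_bytes(segment[6:8], "big") == 0:
        return True                         # RFC 768: zero means the sender computed no checksum
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) == 0xFFFF

if __name__ == "__main__":
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])   # constructed addresses
    seg = build_udp(src, dst, 5353, 53, b"hi")
    print(hex(int.from_bytes(seg[6:8], "big")), verify_udp(src, dst, seg))
```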
Transmission Control Protocol
• Provides a connection-oriented layer 4 service
• Provides delivery guarantees
• Provides in-order sequencing

TCP Header (cont.)
• Source and destination ports – which application produced the packet and which should receive it
• Sequence number – identifies the position of the first byte in the packet relative to the first byte in the stream
• Acknowledgement number – the sequence number of the next byte which the receiving station expects

TCP Header (cont.) – flags
• Urgent (URG)
• Acknowledgement (ACK)
• Push (PSH)
• Reset (RST)
• Synchronize sequence numbers (SYN)
• Final packet (FIN)

TCP Connection Establishment
• Client sends SYN
• Server replies with SYN-ACK
• Client replies with ACK

TCP Connection maintenance
• The sequence number is incremented for every packet sent
• An acknowledgement must be made before the window size is reached
• An ACK is sent for the next byte which the client expects to receive
Fundamentals of network security
• To employ good network security requires that you know everything about the network!
• We will forfeit some usability for security.
• If your recommendations are not followed – CYA!

Common Network Protocols
• HTTP – used for traffic on the World Wide Web, usually port 80
• FTP – used to transmit binary and ASCII data files, control connections on port 21
• Telnet – used to obtain a shell on a remote system, usually port 23
• POP3 – used by clients to retrieve email from corporate servers, usually port 110
• SMTP – used to transfer mail between domains/servers, usually port 25
• DNS – used to resolve names, UDP port 54

Request for Comments
• Maintained by the Internet Engineering Task Force (www.IETF.org)
• Protocol designers publish documents and release them to the Internet community for comments and implementation
• RFCs are accepted today as the rules for implementing protocols

HyperText Transfer Protocol
• Version 1.1 defined in RFC 2068
• No banner on connection establishment
• Client should send all header information followed by a return character '\n'

URI Specifications
• Uniform Resource Identifier
• Used to indicate resources available on a network
• <scheme>://<authority><path>?<query>
• e.g. http://search.microsoft.com/search.asp?find=MS

HTTP OPTIONS
• Obtain all server information

HTTP GET
• Request for one file

HTTP HEAD
• Returns only the header information which would be obtained by a GET command
• Useful for determining if a document should be downloaded or used from cache

HTTP POST
• Used to send large amounts (>500 bytes) of data to a remote system
• Can be used for large forms or for uploading files

HTTP PUT
• Same concept as POST but used only for uploading files

Security Problems with HTTP
• Buffer overflows are common
• Non-anonymous users send their username/password as a Base64 encoding (reversible, not encryption)
• Excessive client data transmitted
• Snooping possible when uploading data
• Cookies
FTP
• Defined in RFC 959
• FTP control connections are established on port 21
• USER is followed by a username and a return character, and PASS by a password and a return character

FTP Standard Data Connections
• User initiates the data transfer and sets up a listener on a specific port; the server connects to that port and "dumps" the file

FTP PASV Data Connections
• User indicates that passive mode data transfer should occur
• User selects the file which should be transferred
• Server creates a listener and allows the client to connect to it; once the connection is established the server "dumps" the file

Security Problems with FTP
• Buffer overflows
• Security credentials are sent in cleartext
• Opens dynamic ports which firewalls may allow through
• Data is sent in cleartext

Telnet
• User connects to the server port and the server displays a welcome banner (usually /etc/issue.net) then requests login
• Client responds to the server's login request with a valid username/password
• Shell is started with STDOUT and STDERR mapped to the client's terminal

Security Problems with Telnet
• All data (including username/password) is sent in cleartext
• Buffer overflows and root attacks possible

Post Office Protocol version 3
• Defined in RFC 1725
• Used to download mail from a server for local reading when direct file access is not available or advisable
• Very popular on the Internet, almost the prime source of email

Operation of POP3
• User establishes a connection to the server port (usually 110/tcp)
• Server greets user
• User issues the USER command with a valid username
• Server will always respond with "+OK"
• User issues the PASS command with the password
• Server will attempt to authenticate the user
• If successful "+OK" is returned, otherwise "-ERR"

Transaction state commands
• STAT – see the total number of messages and bytes
• UIDL (#) – obtain the Unique ID Listing for messages in the mailbox
• RETR # – retrieve one message
• DELE # – mark one message for deletion
• LIST (#) – show the size of one message or of all messages
• RSET – mark all messages as undeleted
• TOP M# N# – return the first N# lines from message M#

Implementing POP3
• When the user is authenticated, open the mailbox and parse the messages in it into memory
• Read in each command and respond appropriately
• When QUIT is received, copy the contents of memory back to the mailbox
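The three implementation steps above, and the "always +OK to USER" behaviour from the Operation of POP3 slide, as an added Python example that is not the course's code: a small server-side state machine over an in-memory maildrop. USERS, MAILBOXES, the credentials and the message texts are constructed sample data.

```python
# Added example: a minimal POP3 server-side state machine following the slide's
# three steps (parse mailbox into memory, answer commands, write back on QUIT).
# USERS and MAILBOXES are constructed sample data, not a real account.
USERS = {"alice": "s3cret"}
MAILBOXES = {"alice": ["From: bob\r\n\r\nhello\r\n", "From: carol\r\n\r\nlunch?\r\n"]}
class Pop3Session:
    def __init__(self, users=USERS, mailboxes=MAILBOXES):
        self.users, self.mailboxes = users, mailboxes
        self.state, self.user = "AUTHORIZATION", None   # RFC 1725 session states
        self.msgs, self.deleted = [], set()            # in-memory copy of the maildrop

    def handle(self, line: str) -> str:
        cmd, *args = line.split() or [""]
        cmd = cmd.upper()
        if self.state != "TRANSACTION":
            return self._authorize(cmd, args)
        live = [i for i in range(len(self.msgs)) if i not in self.deleted]
        if cmd == "STAT":
            return f"+OK {len(live)} {sum(len(self.msgs[i]) for i in live)}"
        if cmd == "LIST":
            return "+OK\r\n" + "".join(f"{i + 1} {len(self.msgs[i])}\r\n" for i in live) + "."
        if cmd in ("RETR", "DELE"):
            n = int(args[0]) - 1 if args and args[0].isdigit() else -1
            if n not in live:
                return "-ERR no such message"
            if cmd == "DELE":
                self.deleted.add(n)            # only marked; nothing is removed until QUIT
                return f"+OK message {n + 1} deleted"
            return f"+OK {len(self.msgs[n])} octets\r\n{self.msgs[n]}."
        if cmd == "RSET":
            self.deleted.clear()
            return "+OK"
        if cmd == "QUIT":                      # UPDATE state: write memory back to the mailbox
            self.mailboxes[self.user] = [m for i, m in enumerate(self.msgs) if i not in self.deleted]
            self.state = "UPDATE"
            return "+OK bye"
        return "-ERR unknown command"

    def _authorize(self, cmd, args):
        if cmd == "USER" and self.state == "AUTHORIZATION":
            self.user = args[0] if args else None
            return "+OK"                       # always +OK, so USER never reveals valid names
        if cmd == "PASS" and self.user is not None:
            if self.users.get(self.user) == " ".join(args):
                self.state = "TRANSACTION"
                self.msgs = list(self.mailboxes.get(self.user, []))   # parse maildrop into memory
                return "+OK maildrop ready"
            self.user = None
            return "-ERR authentication failed"   # same reply for bad user and bad password
        return "+OK bye" if cmd == "QUIT" else "-ERR not authenticated"
```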
Problems with POP3
• Authentication information is sent in cleartext (although POP3 supports MD5-based authentication it is not commonly used)
• Messages are sent in cleartext
• Buffer overflows
• Root level attacks

Simple Mail Transfer Protocol
• Defined in RFC 821
• Used for transmitting mail between servers and domains
• THE definitive solution for inter-domain mail transfer on the Internet

Operation of SMTP
• Remote server connects to the local machine, local machine greets
• Remote machine introduces itself
• Remote machine indicates who the message is from
• Remote machine indicates one or more recipients
• Remote machine transmits the data of the message

Commands
• HELO or EHLO – command for the remote machine to introduce itself to the local machine
• MAIL FROM:<w@x> – indicates the sender of the message
• RCPT TO:<y@z> – indicates the recipient of the message
• DATA – indicates the start of the data transfer (concluded with a CRLF.CRLF string)

Problems with SMTP
• Buffer overflows are common
• Messages are sent in cleartext (by default)
Normal SMTP session
duke% telnet login.dataixl.com 25
Trying 64.2.85.40...
Connected to unix.dataixl.com.
Escape character is '^]'.
220 unix.dataixl.com ESMTP Sendmail 8.11.0/8.11.0; Wed, 14 Feb 2001 16:42:33 -0500
HELO duke.poly.edu
250 unix.dataixl.com Hello dkatz@duke.poly.edu [128.238.2.92], pleased to meet you
MAIL FROM:<dkatz@duke.poly.edu>
250 2.1.0 <dkatz@duke.poly.edu>... Sender ok
RCPT TO:<dkatz@dataixl.com>
250 2.1.5 <dkatz@dataixl.com>... Recipient ok
RCPT TO:<root@dataixl.com>
250 2.1.5 <root@dataixl.com>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: Hello
This is just a hello message
.
250 2.0.0 f1ELgoO22093 Message accepted for delivery
QUIT
221 2.0.0 unix.dataixl.com closing connection
Connection closed by foreign host.