1 / 16

Securing Network Services

Securing Network Services. How TCP Works. Set up connection between port on source host to port on destination host Each connection consists of sequence of numbered packets, with source (port, address), destination (port, address) and flags First packet – SYN (synchronize sequence numbers)

miriam
Download Presentation

Securing Network Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Network Services

  2. How TCP Works Set up connection between port on source host to port on destination host Each connection consists of sequence of numbered packets, with source (port, address), destination (port, address) and flags • First packet – SYN (synchronize sequence numbers) • Response packet - SYN & ACK • Thereafter – ACK • Last packet – FIN & ACK Ports are associated with services: • 21 - FTP • 25 – e-mail • 80 - http • many many more Based on client-server model

  3. How UDP works Unreliable (unwarranted) delivery of information between systems -- No acknowledgement Ports for UDP services • Port 123 -- Network Time • Port 53 -- DNS • Port 69 -- TFTP • Port 514 -- Syslog • Port 517 – Talk Based on stateless distribution of information

  4. Application Services Domain Name Service (DNS) -- TCP/UDP • Replaced /etc/hosts files • Tree-structured query system • Replies -- either answer or reference to more refined domain Mail -- TCP (port 25) FTP -- file transfer protocol -- TCP HTTP -- World Wide Web -- TCP

  5. TCP/IP Services Many have security risks • Ways to access your computers • Information on your computers and your users Can block them all (Paranoid approach) More often-- keep some, block others Blocking method -- firewalls

  6. General Points Will discuss variety of services with security implications • Not full list of internet services • Not full list of security problems Administrators need to understand implications before offering service • CERT advisories • Configuration options • Prudent attitude

  7. User Education • Suspicious network behavior • Suspicious user behavior • Who to contact • When to contact • Exercises

  8. Web WWW: World Wide Web • System for automated information exchange • Allows rapid access to flexibly-presented information • Well over 50% of Internet traffic Presentation Options: • Formatted Hypertext • Bitmap graphics • Program execution (CGI scripts, Applets, etc.) • Audio • Movies • Many more

  9. WWW Threats • Exploitation of server or script bugs • Disclosure of unauthorized information • Interception of confidential information • Information loading from web client by rogue server • Dependence on licensed software

  10. WWW Risky Options • Server-side includes • Sending email from server • Accessing PERL on server • Spawning sub-processes • Calling scripts outside of controlled directories • Mixing HTTP and anonymous FTP

  11. WWW Access Control • Configure scripts to be read and executed only by server • Use prudent access to exported files • Don’t use per-directory access files • Use certified public keys for access • Use server-side password for access

  12. WWW Privacy Network-side: • Link encryption • Document encryption • Secure Socket Layer • Secure HTTP • All subject to limitations on Encryption Log files: • Restrict access • Don’t retain on server machine • Use syslogd • Warn users about logging

  13. Web Browsers • Executing code from the net • Trusting vendors / Licensing • Dependence on third parties

  14. RPC Remote Procedure Call • Calling program calls client code and waits • Client code bundles parameters into message to server (XDR - external data representation) • Server executes call with supplied data, returning result in message to client code • Client code returns result to calling program Requires: • Client knowing server • Client & Server agree on communication (portmapper) Authentication: • Auth_none - live fast, die young • Auth_UNIX - UID/GID authentication (trust client) • Auth_DES - Secret/public key authentication(Diffie/Hellman key exchange, DES encryption) • Auth_KERB - Kerberos authentication

  15. Kerberos Produced for MIT project ATHENA Authenticates: • User to client and server • Client to server • Server to client Centralized and stateless • Passwords stored unencrypted on central server • Never transmitted across network

  16. Kerberos Protocols Login: • User enters username and password • Client sends username and current time encrypted with password • Server decrypts information and verifies valid user • Returns session key encrypted with user password Service Request: • Client sends request to ticket-granting server, encrypted with session key • TGS responds with identity of server, encrypted ticket all encrypted with session key • Client passes encrypted ticket to server with client IP and username

More Related