Cryptography, Security in Comp (CSC 580)
This 7 page Class Notes was uploaded by Mr. Cleve MacGyver on Sunday October 25, 2015. The Class Notes belongs to CSC 580 at University of North Carolina at Greensboro taught by Staff in Fall. Since its upload, it has received 52 views. For similar materials see /class/229059/csc-580-university-of-north-carolina-at-greensboro in Computer Science at University of North Carolina at Greensboro.
Date Created: 10/25/15
Internet/Networking Overview: Notes for CSC 580

Packet Switching
[Figure: message ABCDEFGHIJKLMNOP split into packets ABCD, EFGH, IJKL, MNOP]
- Packet size determined by MTU (Maximum Transmission Unit)
- Each packet sent independently
- Different pieces can be routed separately
- Not dependent on a fixed switched connection, so can "reroute" easily to avoid trouble spots
- Postcard analogy

Internet Overview
- Idea: network of networks
- "internet" (the protocol) vs. "The Internet"

Some Web History
- 1990: Tim Berners-Lee at CERN defined HTTP (transfer), HTML (presentation), URLs (reference)
- 1993: Mosaic released by NCSA
- December 1994: Netscape appears
  - Improvements in efficiency/caching
  - Integrated encryption (SSL) to enable secure connections
  - Portable, with an attractive, easy-to-use user interface

Some Internet History
- ARPA (Advanced Research Projects Agency) experiment to test ideas of packet-switched networks
- 1969: first node goes online (UCLA)
- 1970s: maturing and apps (e-mail in 1972)
- 1980s: widespread in academic, military and research communities; 1985: NSFNET
- 1990s: the web and privatization

Network Protocols
- A network protocol provides syntactic and semantic rules for communication
- Often defined in terms of state machines
- Standards allow service-based interoperability: Internet RFCs (TCP/IP, DNS), IEEE standards (Ethernet), etc.
- Protocols can be in hardware or software: the Ethernet access protocol is often in hardware; HTTP and other high-level protocols are usually in software

Network Layers
- Layered model: each layer uses only the layer directly below it
- Benefit: different issues to address at different levels of abstraction
- OSI model vs. the IP (TCP/IP or Internet) model. Examples by layer: HTTP, FTP, SMTP (e-mail) at the application layer; TCP and UDP at the transport layer; IP (Internet Protocol) at the network layer; transmission media (Ethernet, token ring) below that
- Physical topologies: bus, star (hub/concentrator or crossbar switch), tree

Network Layer Issues: IP Packets
[Figure: IP header layout; Options (usually empty); Data]
- Everything is just bits being transmitted: it can all be tampered with!
- Header checksum is not cryptographic: it is for detecting transmission errors, not tampering

Link Layer
- For directly-connected systems to communicate
- Example 1: Ethernet
  - Ethernet cards ID'ed by "MAC address" (48 bits)
  - A frame carries the destination MAC, the source MAC, a type field, and the data to be transmitted
- Example 2: PPP (Point-to-Point Protocol)
  - Link layer uses HDLC (High-level Data Link Control)
  - Only two endpoints, so no addressing is necessary
  - Includes error detection for flaky links

Link Layer Threats and Vulnerabilities: Message Interception
- Original Ethernet: bus topology
  - All systems on a LAN see all traffic
  - Usually ignore all but frames addressed to them, based on MAC addr
  - However, interfaces can be put into "promiscuous mode"
- Ethernet evolution 1: star topology (hubs), but all traffic still goes to all hosts
- Ethernet evolution 2: switches
  - Star/tree topology
  - Switch remembers which MAC addresses are connected to which ports and sends traffic only to the addressed host

IP Addresses
- Network (IP) layer concerned with addressing and routing
  - Address usually obtained from DNS (an application-layer protocol!)
- Current version of the IP protocol: IPv4
  - Addresses are 32-bit values
  - IP addresses are for interfaces, not computers
  - Given as 4 bytes in dotted notation, e.g. 129.120.51.48
  - Addresses divided into network and host parts. Class B example: 129.120 is the net addr, 51.48 is the host addr
  - Hosts with the same network addr can talk directly to each other (LAN)
  - Address/subnet notations: subnet mask (e.g. 255.255.0.0 for the class B example) or addr/bit-count (e.g. 129.120.0.0/16)
  - See with /sbin/ifconfig in Unix/Linux, ipconfig in Windows
- Next generation: IPv6
  - Addresses are 128-bit values: huge address space

ARP: Finding the Right Host on a Subnet
- Problem:
  - Ethernet works on MAC addresses, doesn't understand IP
  - IP works on IP addresses, doesn't understand Ethernet
  - How do we get a
packet to the right host on a LAN/subnet?
- Answer: the Address Resolution Protocol (ARP)
- Example: host 10.1.1.42 wants to send to 10.1.1.92, but only knows the IP address, not the MAC address. So:
  - It broadcasts an ARP message on the Ethernet saying "Who has 10.1.1.92?"
  - 10.1.1.92 responds with "I have 10.1.1.92. My MAC is 00:02:2d:8a:27:72"
  - Now 10.1.1.42 sends over Ethernet to this MAC

Network Layer Topology
- How are subnets connected together? The earlier discussion was physical link topology; now logical links
- Physical layer considerations
  - Point-to-point: direct connections of two endpoints. Protocols: PPP (Point-to-Point Protocol, typically over serial/phone lines) and PPPoE (Point-to-Point over Ethernet, used by a lot of DSL)
  - Broadcast: sent out to whoever gets it, e.g. wireless. Similar issue on Ethernet: switches vs. hubs
- Interconnection issues
  - Ownership: who owns pieces of the network?
  - Control: sub-network administration

When ARP Goes Bad: ARP Spoofing
- Performance: hosts keep an ARP table of known IP address <-> MAC mappings
  - Doesn't have to ask if the MAC address is already known
  - Updated on each "I have a.b.c.d" message
  - Expires mappings regularly in case the IP moves
  - View the table with the arp command
- ARP spoofing: to sniff on a switched Ethernet
  - Attacker on the same LAN sends out "I have a.b.c.d" messages for the target machine (or all machines!)
  - Packets are then sent to the attacker rather than the destination, which could be the gateway router
  - Attacker can then forward the packets, so no disruption, just monitoring

ARP Spoofing Countermeasures
- Static ARP tables
  - Sensitive subnets should use static ARP tables
  - Mappings don't expire
  - Mappings are hard-coded to be genuine by the administrator
  - Not perfect: MAC address spoofing still possible
- Possible future directions
  - A better solution is still an unresolved research issue
  - Some suggest authenticated ARP: uses digital signatures (PK crypto is slow, and ARP needs to be very low overhead!)
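The two symptoms the ARP spoofing slides describe (a second MAC suddenly answering for the gateway, and a mapping that contradicts a static table) can be checked passively from logged ARP replies. This is an added example, not code from the notes; the replies, MAC addresses and the static table are constructed for it.

```python
from collections import defaultdict

# Constructed sample: ARP replies ("I have <ip>, my MAC is <mac>") as a
# passive monitor on the LAN would log them, as (seconds, ip, mac).
# All addresses here are made up for the example.
ARP_REPLIES = [
    (0.0, "10.1.1.1",  "00:11:22:33:44:01"),   # the gateway router
    (1.5, "10.1.1.92", "00:11:22:33:44:92"),
    (2.0, "10.1.1.1",  "00:11:22:33:44:01"),
    (7.3, "10.1.1.1",  "00:11:22:33:44:ff"),   # a second MAC now claims the gateway
    (7.4, "10.1.1.92", "00:11:22:33:44:ff"),   # ... and another host too
]

# Static ARP entries an administrator has pinned on a sensitive subnet
# (hypothetical values; the notes recommend static tables for such subnets).
STATIC_ARP = {"10.1.1.1": "00:11:22:33:44:01"}


def find_arp_conflicts(replies, static_table):
    """Return (ip, mac, reason) alerts for two symptoms: a reply that
    contradicts a pinned static mapping, and an IP address that more than
    one MAC has claimed during the observation window."""
    claimed = defaultdict(set)
    alerts = []
    for _, ip, mac in replies:
        if ip in static_table and static_table[ip] != mac:
            alerts.append((ip, mac, "contradicts static ARP entry"))
        claimed[ip].add(mac)
    for ip, macs in sorted(claimed.items()):
        if len(macs) > 1:
            for mac in sorted(macs):
                alerts.append((ip, mac, "ip claimed by multiple MACs"))
    return alerts


def macs_claiming_many_ips(replies, threshold=2):
    """MACs that answered for at least `threshold` distinct IPs: one interface
    speaking for the router and for other hosts is the spoofing pattern."""
    ips = defaultdict(set)
    for _, ip, mac in replies:
        ips[mac].add(ip)
    return sorted(mac for mac, seen in ips.items() if len(seen) >= threshold)


if __name__ == "__main__":
    for alert in find_arp_conflicts(ARP_REPLIES, STATIC_ARP):
        print("ALERT", *alert)
    print("suspicious MACs:", macs_claiming_many_ips(ARP_REPLIES))
```

A host that legitimately changes its NIC also trips the multiple-MAC check, so in practice such alerts are reviewed against the administrator's records rather than acted on automatically.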
Subnet-to-Subnet Communication: Gateways and Routers
- Router lives on multiple subnets
  - Local address on each
  - Can be more than 2 NICs/subnets
- Routing tables say what goes where
  - See with /sbin/route in Linux/Unix
  - See with route print in Windows
- [Figure: sample simplified host routing table (Destination, Gateway, ...)]

Controlled Access Point (Router / Firewall / DMZ)
- What about public servers?
- Must make sure the controlled access point is the only way in! (Modems, wireless, ...)
- Firewall/border security: "a crunchy shell around a soft chewy center" (Cheswick)

About DMZs
- Important! What is called a "DMZ" on many home routers is not what a network professional means by a DMZ!
- A real DMZ
  - Hosts isolated in a separate subnet, so traffic does not enter the internal network even if the public hosts are broken in to
  - Can provide gateways or "bastion hosts" that are connected to both internal and external networks (ssh stepping stones)
- A home router "DMZ"
  - All traffic (all ports) is routed to one particular internal-network system
  - Makes an internal host "public" for receiving connections
  - Actually lets traffic into the internal network, so if someone breaks into the "DMZ" host they have full access to your network!

Faking Network Layer Topology: Overlay Networks
- Idea: use connections over an existing network to build a network on top of a network
- P2P can be viewed as overlay networks
- Anonymity networks like Tor are overlay networks
- PlanetLab: an overlay for networking research
- Physical path vs. PPP (Point-to-Point Protocol): standard used for dial-up connections, one host on each side of a link; originally for sending network packets over serial connections
- More later when we discuss VPNs

Network Layer Attacks
- Attack type 1: put invalid data in fields
  - Example 1: Ping of Death. A too-large ping packet crashes the machine
  - Example 2: LAND
Attack. A specially crafted packet with both source and destination set to the victim's address, with fields that make the machine lock up
  - Example 3: Jolt Attack and Teardrop. Attacker sends invalid fragmentation of packets that the destination can't reassemble, so the machine freezes waiting for more

IP Spoofing: Smurf Attack (simplified example)
- Attacker sends a fake ping packet with src 209.12.17.35 (the victim) to the broadcast address 123.45.67.255 (the intermediary network)
- Many (up to 254) ping responses, from 123.45.67.1, 123.45.67.2, 123.45.67.3, ..., go to the victim 209.12.17.35
- DoS amplification: works particularly well when the attacker-to-intermediaries connection is lower bandwidth than intermediaries-to-victim

IP Spoofing Countermeasures
- Filter out broadcast messages at the gateway
  - Doesn't work if the intermediary is inside the border
  - In general: filter out LAN-only messages across intermediaries
- Egress filtering: only let out packets with appropriate source addrs
  - Doesn't stop you from being an intermediary or a victim; think of it as being a "good netizen"

Fragmentation Issues
- Fragmentation: breaking up long IP packets to fit in a particular type of low-level link
  - Example: a slow PPP link might use a maximum packet length of 500 bytes for responsiveness, vs. the typical Ethernet length of 1500 bytes
- Security issues
  - Using fragmentation to avoid an Intrusion Detection System: break up a signature into multiple fragments
  - How are overlapping packets reassembled? [Figure: Fragment 1 and Fragment 2 overlap; reassembly defaults differ, so what the host gets and what the IDS sees can differ]

Transport Layer
- IP provides little beyond basic routing
  - Packets may be lost
  - Packets may arrive out of order
  - Errors may occur in packets
  - One address per machine: no way of distinguishing different users/services
- Transport layer
  - UDP (User Datagram Protocol): adds ports to distinguish users/services
  - TCP (Transmission Control Protocol): in addition to ports, adds error detection w/ packet
retransmission, packet reordering, and sessions (simulated connections)

Transport Layer Issues: TCP Packets
- TCP adds sessions ("connections") to the bare IP protocol
- [Figure: TCP header: Source Port, Dest Port, Sequence Number, Acknowledgment Number, Data Offset, Flags, Window, Checksum, Urgent Pointer, Options, Data]
- Flags: URG (urgent ptr valid), ACK (ACK valid), PSH (push function), RST (reset), SYN (synchronize seq #), FIN (finish, end of connection)

Fragmentation Issues (cont'd): Solutions
- Try every possible packet reassembly. Problem: n fragments gives 2^n reassemblies
- Know how the major OSes work and try those assemblies. Problem: what if a new machine or a new network stack?
- Reassemble packets at the firewall: only a consistent reassembled packet stream is seen inside. Problems:
  - Difficult to keep up with a very high bandwidth connection at the gateway
  - Doesn't protect from internal attacks

Transport Layer Issues: UDP Packets
- UDP adds connection distinguishers (ports) to IP
- Some common UDP protocols
  - Domain Name Service (DNS): port 53
  - Network Time Protocol (NTP): port 123
  - Discoverable services (UPnP, Rendezvous)
  - Streaming/multicast transmissions

The 3-Way Handshake (labels give Flags, Seq, Ack)
- Client -> Server: SYN, C-Seq, 0
- Server -> Client: SYN|ACK, S-Seq, C-Seq+1
- Client -> Server: ACK, C-Seq+1, S-Seq+1
- To establish a connection, the client must prove that it received the SYN|ACK packet!
  - The SYN|ACK packet is routed to the system with the source address from the first SYN packet
  - Since this is based on routing only, it is secure only back to the subnet of the source

SYN Issues: Predictability
- Sequence numbers should be unpredictable
  - Most systems today select random values that meet some necessary conditions
- Otherwise, with a fake src: SYN, C-Seq, 0 (from "fake src"); then ACK, C-Seq+1, Predict(S-Seq)+1; then data pretending to come from "fake src"
- Particularly dangerous when "fake src" is a trusted IP address

SYN Flooding Solutions: SYN Cookies
- Basic idea: use cryptography to avoid saving state
- Specifically: store info in the Seq # to verify
upon ACK: Seq # = Hash(secret, src IP, dest IP, sport, dport, t) [24 bits], packed together with t [5 bits] and MSS [3 bits]
  - t: time, increments every 64 seconds
  - MSS (Maximum Segment Size) must be remembered!
  - Cryptographic hash w/ secret gives unpredictability: only the server (and the receiver of the Seq #) can reproduce it
  - Not perfect: limited MSS options; 24 bits can be brute-forced
- Router solutions: protect hosts without modifying hosts
  - Rate limiting/shaping
  - Cisco router "TCP intercept" feature

SYN Issues: SYN Flooding
- [Figure: client sends SYN (C-Seq1, 0), SYN (C-Seq2, 0), SYN (C-Seq3, 0), ...; the server answers each with SYN|ACK (S-Seq, C-Seq+1) and allocates a half-open connection structure]
- The DoS isn't due to traffic volume but to resource exhaustion (memory in the server OS)
- Early network stacks had a severely limited number of half-open structures available
- Attacker can spoof the SRC address with a non-existent host

Lessons Learned
- In the network stack: Seq #s must be unpredictable!
- In network setup: should filter out local src IPs coming from outside
- In the application: IP-based trust is a very bad idea!

Transport Layer Protection: SSL/TLS
- Originally designed to protect web browser to web server; invented by Netscape
- Authentication: supports server and client certificates
- Encryption after key establishment
- Integrity: all packets protected with a MAC
- Later versions (SSL v3.1 on) referred to as TLS
- TLS is incorporated within application-layer protocols now, in addition to sitting in a sub-application layer
  - Example: IMAP mail can be either a separate SSL-protected service/port (imaps, port 993) or negotiated after plaintext startup in standard IMAP (port 143)
  - Example 2: LDAP, with similar options: ldap is port 389, ldaps is port 636

Application Layer
- Task-specific protocols: for sending email (SMTP), getting web pages (HTTP), secure shell (SSH)
- Can do things that only knowledge of the task can accomplish
- Security either provided in application-specific ways (e.g. PGP for email) or by relying on lower-level protections
(SSL/TLS, IPSec)

Application Layer Example: HTTP
- Client: GET /index.html HTTP/1.0
- Server: Content-Length: 1423, Content-Type: text/html, then the body ("Blah blah blah")
- The opening message has the request and the HTTP version
- Content is media, so MIME types make sense
- More on specific applications in later classes

Basic Network Security Tools: Types of Firewalls
- Stateless packet filters
  - Decisions made independently on a packet-by-packet basis
  - Good for blocking ports (no incoming HTTP) or blocking IP addresses/ranges (blacklists)
  - Simple and fast; included in many routers
- Stateful
  - Keep information that relates packets to one another
  - Can track sessions and even related sessions (e.g. FTP control and data)
- Application (or proxies)
  - Doesn't forward packets at all; works at the application layer
  - Best example: web proxies
  - Allows content filtering as well as security

Basic Network Security Tools: IDS, Categorization by Location
- Host-based Intrusion Detection Systems (HIDS)
  - Many just watch system/audit logs for suspicious activity
  - Some with more sophisticated monitoring (pH monitors system calls)
- Network-based Intrusion Detection Systems (NIDS)
  - Watches all traffic at a certain point; can use a tap
  - If just at the external access point, can miss insider attacks!
  - In switched networks: use a spanning port
  - Difficulties with encrypted traffic

Basic Network Security Tools: IDS, Categorization by Type
- Signature-based
  - Monitors traffic for known suspicious patterns
  - Advantages: fast, few false positives
  - Drawbacks: can't detect novel attacks; must prioritize warnings; keeping signatures up-to-date leads to subscription services
- Anomaly-based
  - Tries to learn typical activity and flag anomalies
  - Anything unusual, including novel attacks, can be caught
  - Drawbacks: slow, and atypical behavior doesn't necessarily mean bad behavior (too many false positives)
- In short: most commercial IDSs are signature-based, sometimes with simple anomaly-based extensions
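The Fragmentation Issues slides above say that overlapping fragments are reassembled differently by different stacks, so a host and an IDS can see different byte streams, and that reassembling at the firewall under one policy removes the ambiguity. The following added example (not from the notes) reassembles a constructed fragment set under a "first fragment wins" and a "last fragment wins" policy; the fragments, the string "evil_script" and the signature are made up.

```python
# Constructed example: three overlapping IP fragments of one datagram, given as
# (byte offset, payload).  Fragment 3 overlaps fragment 2 completely, so the
# reassembled bytes depend on the overlap policy of the receiving stack.
FRAGMENTS = [
    (0,  b"GET /cgi-bin/"),      # bytes 0..12
    (13, b"safe_script.cgi"),    # bytes 13..27
    (13, b"evil_script.cgi"),    # bytes 13..27 again, different content
]

# Hypothetical IDS signature for the example; the string is made up.
SIGNATURE = b"evil_script"


def reassemble(fragments, policy):
    """Reassemble fragments into one byte string under an overlap policy.

    "first": bytes already placed are kept when a later fragment overlaps them.
    "last":  a later fragment overwrites bytes placed earlier.
    Real stacks differ (and some mix both depending on offsets); the point is
    only that host and IDS may disagree.  A hole in the data raises ValueError.
    """
    if policy not in ("first", "last"):
        raise ValueError("unknown policy")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "first" and pos in buf:
                continue
            buf[pos] = byte
    length = (max(buf) + 1) if buf else 0
    if len(buf) != length:
        raise ValueError("hole in fragment set; cannot reassemble")
    return bytes(buf[i] for i in range(length))


def ids_blind_spot(fragments, signature, host_policy, ids_policy):
    """True if the host's reassembly contains the signature but the IDS's does
    not, i.e. the payload reaches the host unseen.  With one policy applied at
    the firewall for everyone (the third solution above) this is always False."""
    host_view = reassemble(fragments, host_policy)
    ids_view = reassemble(fragments, ids_policy)
    return signature in host_view and signature not in ids_view


if __name__ == "__main__":
    for pol in ("first", "last"):
        print(pol, reassemble(FRAGMENTS, pol))
    print("blind spot:", ids_blind_spot(FRAGMENTS, SIGNATURE, "last", "first"))
```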
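The SYN cookie layout from the SYN Flooding Solutions slides above (5-bit t that ticks every 64 seconds, 3-bit MSS index, 24-bit keyed hash over src IP, dest IP, sport, dport and t) can be built and checked without storing any per-connection state. This is an added example, not the notes' code or any OS implementation: the secret, the MSS table and the freshness window of one tick are assumptions, and HMAC-SHA256 truncated to 24 bits stands in for "Hash w/ secret".

```python
import hashlib
import hmac
import struct
from socket import inet_aton

# Constructed values.  A real server generates a random secret at boot; this
# one is fixed so the example is reproducible.
SECRET = b"example-only-server-secret"
# 3-bit MSS index -> MSS value.  The table is hypothetical; the notes only say
# that the limited MSS choices are a weakness of the scheme.
MSS_TABLE = [536, 1220, 1440, 1460]
TICK_SECONDS = 64            # t increments every 64 seconds (5-bit counter)


def _mac24(src, dst, sport, dport, t):
    """24-bit keyed hash over (src IP, dest IP, sport, dport, t)."""
    msg = struct.pack("!4s4sHHB", inet_aton(src), inet_aton(dst), sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, dst, sport, dport, mss, now):
    """S-Seq sent in the SYN|ACK: t (5 bits) | MSS index (3 bits) | hash (24 bits)."""
    t = (now // TICK_SECONDS) & 0x1F
    # largest table entry not exceeding what the client offered
    idx = max([i for i, m in enumerate(MSS_TABLE) if m <= mss], default=0)
    return (t << 27) | (idx << 24) | _mac24(src, dst, sport, dport, t)


def check_ack(ack, src, dst, sport, dport, now, max_age_ticks=1):
    """Validate the client's final ACK without any stored state.

    The ACK number is S-Seq + 1, so the cookie is ack - 1.  Returns the MSS to
    use for the connection, or None if the cookie is stale or does not verify."""
    cookie = (ack - 1) & 0xFFFFFFFF
    t, idx = cookie >> 27, (cookie >> 24) & 0x7
    age = ((now // TICK_SECONDS) - t) & 0x1F          # modular 5-bit difference
    if age > max_age_ticks:
        return None
    if _mac24(src, dst, sport, dport, t) != (cookie & 0xFFFFFF):
        return None
    return MSS_TABLE[idx]


if __name__ == "__main__":
    s_seq = make_cookie("10.1.1.42", "129.120.51.48", 40000, 80, 1460, now=1000)
    print("S-Seq:", hex(s_seq))
    print("MSS:", check_ack(s_seq + 1, "10.1.1.42", "129.120.51.48", 40000, 80, now=1030))
```

The two IP addresses in the usage lines are the example addresses from the notes; the ports and times are constructed.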