
1 Securing Network Services

2 How TCP Works
Sets up a connection from a port on the source host to a port on the destination host
Each connection is a sequence of packets carrying sequence numbers, a source (address, port), a destination (address, port) and flags
–First packet – SYN (synchronize sequence numbers)
–Response packet – SYN & ACK
–Third packet – ACK (handshake complete; data packets carry ACK thereafter)
–Teardown – FIN & ACK from each side
Ports are associated with services:
–21 – FTP
–25 – SMTP (e-mail)
–80 – HTTP
–many, many more
Based on the client-server model
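The handshake and teardown described above, as an added example that is not part of the original slides: a small decoder for the TCP flag bits, a connection state machine that replays a packet list, and a check for connections that never completed the handshake, which is what a SYN flood leaves behind. All packets, addresses and the threshold are constructed for the example.

```python
# Added example (not from the slides): decode TCP flag bits, replay a packet list
# through a minimal connection state machine, and flag half-open connections,
# the footprint of a SYN flood. All packets below are constructed, not captured.
from collections import Counter

# Flag bits as laid out in the TCP header (RFC 793 / RFC 9293)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
HALF_OPEN = ("SYN_SENT", "SYN_RECEIVED")


def flag_names(flags):
    """Render a flags byte the way the slide names them, e.g. 'SYN+ACK'."""
    names = [n for n, bit in (("FIN", FIN), ("SYN", SYN), ("RST", RST),
                              ("PSH", PSH), ("ACK", ACK), ("URG", URG)) if flags & bit]
    return "+".join(names) or "none"


def pkt(src, sport, dst, dport, flags):
    """Constructed packet record: source (address, port), destination (address, port), flags."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


def connection_key(p):
    """Both directions of one connection map to the same key (sorted endpoint pair)."""
    return tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))


def track(packets):
    """Replay packets in order; return {key: (state, server_endpoint)}.

    State path for a clean connection:
    SYN_SENT -> SYN_RECEIVED -> ESTABLISHED -> FIN_WAIT -> CLOSED
    """
    conns = {}
    for p in packets:
        k, f = connection_key(p), p["flags"]
        state, server = conns.get(k, (None, None))
        if f & RST:                                        # reset aborts at any point
            state = "CLOSED"
        elif f & SYN and not f & ACK and state is None:    # first packet: SYN
            state, server = "SYN_SENT", (p["dst"], p["dport"])
        elif f & SYN and f & ACK and state == "SYN_SENT":  # response: SYN & ACK
            state = "SYN_RECEIVED"
        elif f & FIN and state == "ESTABLISHED":           # first FIN & ACK
            state = "FIN_WAIT"
        elif f & FIN and state == "FIN_WAIT":              # second FIN & ACK
            state = "CLOSED"
        elif f & ACK and state == "SYN_RECEIVED":          # third packet: ACK
            state = "ESTABLISHED"
        # anything else (data, plain ACKs, retransmissions) leaves the state unchanged
        if state is not None:
            conns[k] = (state, server)
    return conns


def syn_flood_targets(packets, threshold):
    """(address, port) pairs with at least `threshold` half-open connections."""
    counts = Counter(server for state, server in track(packets).values()
                     if state in HALF_OPEN)
    return [ep for ep, n in counts.items() if n >= threshold]


CLIENT, SERVER = "192.0.2.10", "10.0.0.5"    # constructed addresses
SAMPLE = [
    pkt(CLIENT, 40000, SERVER, 80, SYN),           # handshake
    pkt(SERVER, 80, CLIENT, 40000, SYN | ACK),
    pkt(CLIENT, 40000, SERVER, 80, ACK),
    pkt(CLIENT, 40000, SERVER, 80, PSH | ACK),     # request and response
    pkt(SERVER, 80, CLIENT, 40000, PSH | ACK),
    pkt(CLIENT, 40000, SERVER, 80, FIN | ACK),     # teardown
    pkt(SERVER, 80, CLIENT, 40000, FIN | ACK),
    pkt(CLIENT, 40000, SERVER, 80, ACK),
] + [  # three SYNs from (spoofed) sources that never complete the handshake
    pkt(f"198.51.100.{i}", 1024 + i, SERVER, 80, SYN) for i in range(1, 4)
]

if __name__ == "__main__":
    for key, (state, _) in track(SAMPLE).items():
        print(key, state)
    print("SYN flood targets:", syn_flood_targets(SAMPLE, threshold=3))
```

The state machine is deliberately minimal (no sequence-number checking, no simultaneous open), which is enough to separate completed connections from the half-open ones a flood leaves on port 80; a real detector would also age entries out and count per source.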

3 How UDP Works
Unreliable (no delivery guarantee) delivery of datagrams between systems – no acknowledgement
Ports for UDP services:
–Port 123 – Network Time (NTP)
–Port 53 – DNS
–Port 69 – TFTP
–Port 514 – Syslog
–Port 517 – Talk
Based on stateless distribution of information

4 Application Services
Domain Name Service (DNS) – TCP/UDP (port 53)
–Replaced /etc/hosts files
–Tree-structured query system
–Replies – either an answer or a referral to a server closer to the queried domain
Mail – SMTP, TCP (port 25)
FTP – file transfer protocol – TCP (port 21)
HTTP – World Wide Web – TCP (port 80)

5 TCP/IP Services
Many have security risks:
–Ways to access your computers
–Information about your computers and your users
Can block them all (paranoid approach)
More often – keep some, block others
Blocking method – firewalls

6 General Points
Will discuss a variety of services with security implications
–Not a full list of Internet services
–Not a full list of security problems
Administrators need to understand the implications before offering a service
–CERT advisories
–Configuration options
–Prudent attitude

7 User Education
Suspicious network behavior
Suspicious user behavior
Whom to contact
When to contact
Exercises

8 Web
WWW: World Wide Web
–System for automated information exchange
–Allows rapid access to flexibly presented information
–Well over 50% of Internet traffic
Presentation options:
–Formatted hypertext
–Bitmap graphics
–Program execution (CGI scripts, applets, etc.)
–Audio
–Movies
–Many more

9 WWW Threats
Exploitation of server or script bugs
Disclosure of unauthorized information
Interception of confidential information
Rogue server loading code or content onto the web client
Dependence on licensed software

10 WWW Risky Options
Server-side includes
Sending e-mail from the server
Accessing Perl on the server
Spawning sub-processes
Calling scripts outside of controlled directories
Mixing HTTP and anonymous FTP (a file uploaded by FTP can become a file the web server serves or executes)

11 WWW Access Control
Configure scripts to be readable and executable only by the server
Use prudent access controls on exported files
Don't use per-directory access files (.htaccess)
Use certified public keys (client certificates) for access
Use server-side passwords for access
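"Calling scripts outside of controlled directories" (slide 10) and "configure scripts to be read and executed only by the server" (slide 11) both come down to how the server maps a requested script name to a file. The following is an added example, not code from the slides or from any particular web server: the weak mapping that a naive CGI dispatcher uses, beside a hardened one that confines the result to the cgi-bin directory. The directory layout, file names and requests are constructed in a temporary directory so the example runs stand-alone.

```python
# Added example (not from the slides): the weak way a CGI dispatcher maps a
# requested script name to a file, beside a hardened version that confines the
# result to the cgi-bin directory. The directory layout is built in a temp dir
# so the example runs stand-alone; paths and file names are constructed.
import os
import tempfile


def weak_script_path(cgi_root, requested):
    """Weak: join and trust. '../' walks out of cgi_root, an absolute path
    replaces it entirely, and a symlink inside cgi_root can point anywhere."""
    return os.path.join(cgi_root, requested)


def safe_script_path(cgi_root, requested):
    """Hardened: resolve symlinks and '..' first, then require the result to
    still sit under the real cgi_root, and to be a regular file."""
    root = os.path.realpath(cgi_root)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"{requested!r} resolves outside {root}")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(requested)
    return candidate


def build_demo_tree():
    """Constructed layout: base/cgi-bin/hello.cgi (legitimate), base/outside.sh
    (must never be reachable) and a symlink inside cgi-bin pointing at it."""
    base = tempfile.mkdtemp(prefix="cgidemo-")
    cgi = os.path.join(base, "cgi-bin")
    os.makedirs(cgi)
    outside = os.path.join(base, "outside.sh")
    with open(outside, "w") as f:
        f.write("#!/bin/sh\necho this should not be served\n")
    with open(os.path.join(cgi, "hello.cgi"), "w") as f:
        f.write("#!/bin/sh\necho hello\n")
    os.symlink(outside, os.path.join(cgi, "link.cgi"))
    return base, cgi, outside


def escapes(cgi_root, path):
    """True if `path`, once resolved, lies outside cgi_root."""
    root = os.path.realpath(cgi_root)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def demo():
    """Run four constructed requests through both resolvers; return the outcomes."""
    base, cgi, outside = build_demo_tree()
    requests = {
        "inside": "hello.cgi",        # the only legitimate request
        "dotdot": "../outside.sh",    # directory traversal
        "symlink": "link.cgi",        # symlink planted inside cgi-bin
        "absolute": outside,          # absolute path discards the root in os.path.join
    }
    results = {}
    for label, req in requests.items():
        outcome = {"weak_escapes": escapes(cgi, weak_script_path(cgi, req))}
        try:
            safe_script_path(cgi, req)
            outcome["safe"] = "allowed"
        except (PermissionError, FileNotFoundError) as exc:
            outcome["safe"] = type(exc).__name__
        results[label] = outcome
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:9} weak escapes: {outcome['weak_escapes']!s:5} hardened: {outcome['safe']}")
```

The order matters: `realpath` must run before the containment check, otherwise a symlink or `..` component is compared as text and passes. The same check belongs in front of any "upload directory" that the web server can reach, which is the mixed HTTP/anonymous FTP case on slide 10.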

12 WWW Privacy
Network side:
–Link encryption
–Document encryption
–Secure Socket Layer (SSL)
–Secure HTTP (S-HTTP)
–All subject to legal limitations on encryption
Log files:
–Restrict access
–Don't retain them on the server machine
–Use syslogd (forward to a separate log host)
–Warn users about logging

13 Web Browsers
Executing code from the net
Trusting vendors / licensing
Dependence on third parties

14 RPC
Remote Procedure Call:
a) Calling program calls the client code (stub) and waits
b) Client code bundles the parameters into a message to the server (XDR – external data representation)
c) Server executes the call with the supplied data, returning the result in a message to the client code
d) Client code returns the result to the calling program
Requires:
–Client knowing the server
–Client and server agreeing on how to communicate (portmapper maps RPC program numbers to ports)
Authentication:
–Auth_none – live fast, die young
–Auth_UNIX – UID/GID authentication (trusts whatever the client claims)
–Auth_DES – secret/public key authentication (Diffie-Hellman key exchange, DES encryption)
–Auth_KERB – Kerberos authentication

15 Kerberos
Produced for MIT Project Athena
Authenticates:
–User to client and server
–Client to server
–Server to client (mutual authentication)
Centralized and stateless
Central server holds a secret equivalent to every user's password, so it must be tightly protected
Passwords are never transmitted across the network

16 Kerberos Protocols
Login:
–User enters username and password
–Client sends username and the current time encrypted with a key derived from the password
–Server decrypts the timestamp and verifies a valid user
–Returns a session key encrypted with the user's password-derived key, plus a ticket-granting ticket
Service Request:
–Client sends a request to the ticket-granting server (TGS): the ticket-granting ticket plus an authenticator encrypted with the session key
–TGS responds with the identity of the server and an encrypted ticket, all encrypted with the session key
–Client passes the encrypted ticket to the server, along with an authenticator carrying the client IP and username
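The login, service-request and server-access exchanges above, run end to end as an added example. This is a stand-alone simulation written for this page, not MIT Kerberos code: the cipher is a toy stand-in (SHA-256 keystream plus an HMAC tag) for the DES/AES the real protocol uses, the string-to-key function is unsalted, and the realm, principals, passwords, ticket lifetime and clock-skew limit are all assumed values. What it does show is the property the slides care about: the password never leaves the client, the KDC stores only password-derived keys, and the server needs nothing but its own key to verify the client.

```python
# Added example (not from the slides, not MIT Kerberos code): a stand-alone
# simulation of login (AS exchange), service request (TGS exchange) and access
# to the server (AP exchange). The cipher is a toy stand-in for DES/AES;
# principals, passwords, lifetime and clock-skew limit are assumed values.
import hashlib
import hmac
import json
import secrets

SKEW = 300           # seconds of clock difference tolerated (assumed)
LIFETIME = 8 * 3600  # ticket lifetime in seconds (assumed)


def derive_key(password):
    """Toy string-to-key; real Kerberos also salts with the principal name."""
    return hashlib.sha256(password.encode()).digest()


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))


def seal(key, obj):
    """Toy authenticated encryption of a JSON-able object: nonce || ciphertext || HMAC tag."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Inverse of seal; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication server and ticket-granting server in one process."""

    def __init__(self, principals):
        # Stores password-derived keys, never passwords; "krbtgt" is the TGS's own key.
        self.keys = {name: derive_key(pw) for name, pw in principals.items()}
        self.keys["krbtgt"] = secrets.token_bytes(32)

    def as_exchange(self, user, preauth, now):
        """Login: username plus the current time sealed with the user's key."""
        ukey = self.keys[user]
        if abs(unseal(ukey, preauth)["time"] - now) > SKEW:  # wrong password fails inside unseal
            raise ValueError("clock skew too large")
        session_key = secrets.token_bytes(32)
        tgt = seal(self.keys["krbtgt"], {"user": user, "key": session_key.hex(),
                                         "exp": now + LIFETIME})
        return seal(ukey, {"session_key": session_key.hex()}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        """Service request: TGT plus an authenticator sealed with the session key."""
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["user"] != t["user"] or t["exp"] < now:
            raise ValueError("bad or expired TGT")
        service_key = secrets.token_bytes(32)
        ticket = seal(self.keys[service], {"user": t["user"], "key": service_key.hex(),
                                           "exp": now + LIFETIME})
        return seal(bytes.fromhex(t["key"]),
                    {"service": service, "service_key": service_key.hex(), "ticket": ticket.hex()})


def client_session(kdc, user, password, service, now):
    """Client side of login and service request; returns (ticket, authenticator) to send."""
    ukey = derive_key(password)                       # the password itself never leaves here
    reply, tgt = kdc.as_exchange(user, seal(ukey, {"time": now}), now)
    session_key = bytes.fromhex(unseal(ukey, reply)["session_key"])
    tgs_reply = unseal(session_key, kdc.tgs_exchange(
        tgt, seal(session_key, {"user": user, "time": now}), service, now))
    service_key = bytes.fromhex(tgs_reply["service_key"])
    # The ticket is forwarded unchanged; the authenticator proves possession of the service key.
    return bytes.fromhex(tgs_reply["ticket"]), seal(service_key, {"user": user, "time": now})


def server_accept(service_long_term_key, ticket, authenticator, now):
    """Server side: open the ticket with its own key, check the authenticator, return the user."""
    t = unseal(service_long_term_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or t["exp"] < now or abs(a["time"] - now) > SKEW:
        raise ValueError("ticket/authenticator mismatch, expired, or replayed")
    return t["user"]


def demo():
    """Constructed realm: user alice and service host/fileserver; returns the authenticated user."""
    kdc = KDC({"alice": "correct horse battery", "host/fileserver": secrets.token_hex(16)})
    now = 1_700_000_000
    ticket, auth = client_session(kdc, "alice", "correct horse battery", "host/fileserver", now)
    # The service's long-term key would live in its keytab; here it is read from the KDC table.
    return server_accept(kdc.keys["host/fileserver"], ticket, auth, now + 5)


if __name__ == "__main__":
    print("authenticated as", demo())
```

Two checks are worth noticing because the slides leave them implicit: the KDC rejects a login whose timestamp is outside the skew window, and the server rejects an authenticator that is too old, which is what stops a captured ticket-plus-authenticator pair from being replayed later.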

