CS426Fall 2010/Lecture 331 Computer Security CS 426 Lecture 33 Network Security (1)

Slides:



Advertisements
Similar presentations
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Advertisements

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
Computer Security and Penetration Testing
CCNA – Network Fundamentals
Intermediate TCP/IP TCP Operation.
Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.
The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP Sharon Goldberg CS558 Boston University Spring 2015 Most slides and images borrowed.
Chapter 7 Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Explain the need for the transport layer.  Identify.
CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
Slide 1 Vitaly Shmatikov CS 378 Attacks on TCP/IP.
Chapter 5 The Network Layer.
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Slide 1 Isaac Ghansah Attacks on TCP/IP. slide 2 Internet Infrastructure local network Internet service provider (ISP) backbone ISP local network uTCP/IP.
1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.
CS 356 Systems Security Spring Dr. Indrajit Ray
Process-to-Process Delivery:
CN2668 Routers and Switches Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
OSI Model Routing Connection-oriented/Connectionless Network Services.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
1 CSCD 434 Lecture 3 NetworkProtocol Vulnerabilities Spring 2012.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.
1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.
Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities.
Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.
COMT 429 The Internet Protocols COMT 429. History 1969First version of a 4 node store and forward network, the ARPAnet 1972Formal demonstration of ARPAnet.
TCP/IP Protocol Suite Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009 Asia Pacific Institute.
TCP/IP Essentials A Lab-Based Approach Shivendra Panwar, Shiwen Mao Jeong-dong Ryoo, and Yihan Li Chapter 5 UDP and Its Applications.
Introduction to Networks CS587x Lecture 1 Department of Computer Science Iowa State University.
Chap 9 TCP/IP Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology
Chapter 4 TCP/IP Overview Connecting People To Information.
1 LAN Protocols (Week 3, Wednesday 9/10/2003) © Abdou Illia, Fall 2003.
Fall 2005Computer Networks20-1 Chapter 20. Network Layer Protocols: ARP, IPv4, ICMPv4, IPv6, and ICMPv ARP 20.2 IP 20.3 ICMP 20.4 IPv6.
1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.
CS426Network Security1 Computer Security CS 426 Network Security (1)
TCP/IP Honolulu Community College Cisco Academy Training Center Semester 2 Version 2.1.
1 Network Layer Lecture 16 Imran Ahmed University of Management & Technology.
Lecture 22 Network Security CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Hesham El-Rewini.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
CS526Topic 18: Network Security1 Information Security CS 526 Network Security (1)
NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Cisco Networking Academy S2 C9 TCP/IP. ensure communication across any set of interconnected networks Stack components such as protocols to support file.
Internet Protocols (chapter 18) CSE 3213 Fall 2011.
Lecture 4 Overview. Ethernet Data Link Layer protocol Ethernet (IEEE 802.3) is widely used Supported by a variety of physical layer implementations Multi-access.
1 Introduction to TCP/IP. 2 OSI and Protocol Stack OSI: Open Systems Interconnect OSI ModelTCP/IP HierarchyProtocols 7 th Application Layer 6 th Presentation.
S305 – Network Infrastructure Chapter 5 Network and Transport Layers.
Lesson 7: Network Security and Attacks. Computer Security Operational Model Protection = Prevention+ (Detection + Response) Access Controls Encryption.
TCP Security Vulnerabilities Phil Cayton CSE
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
Page 12/9/2016 Chapter 10 Intermediate TCP : TCP and UDP segments, Transport Layer Ports CCNA2 Chapter 10.
IP Protocol CSE TCP/IP Concepts Connectionless Operation Internetworking involves connectionless operation at the level of the Internet Protocol.
McGraw-Hill Chapter 23 Process-to-Process Delivery: UDP, TCP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
TCP/IP1 Address Resolution Protocol Internet uses IP address to recognize a computer. But IP address needs to be translated to physical address (NIC).
Computer Network Security Dr. X. OSI stack… again.
TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.
Executive Director and Endowed Chair
Chapter 5 Network and Transport Layers
Introduction to TCP/IP networking
Introduction to TCP/IP
Chapter 5 Network and Transport Layers
The Internet! Layers, TCP, UDP, IP DDoS Reflection Attacks IPSEC, ARP
Error and Control Messages in the Internet Protocol
Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park
Process-to-Process Delivery:
Process-to-Process Delivery: UDP, TCP
Presentation transcript:

CS426Fall 2010/Lecture 331 Computer Security CS 426 Lecture 33 Network Security (1)

CS426Fall 2010/Lecture 332 Network Protocols Stack Application Transport Network Link Application protocol TCP protocol IP protocol Data Link IP Network Access IP protocol Data Link Application Transport Network Link

Types of Addresses in Internet Media Access Control (MAC) addresses in the network access layer –Associated w/ network interface card (NIC) –48 bits or 64 bits IP addresses for the network layer –32 bits for IPv4, and 128 bits for IPv6 –E.g., IP addresses + ports for the transport layer –E.g., :80 Domain names for the application/human layer –E.g., CS426Fall 2010/Lecture 333

Routing and Translation of Addresses Translation between IP addresses and MAC addresses –Address Resolution Protocol (ARP) for IPv4 –Neighbor Discovery Protocol (NDP) for IPv6 Routing with IP addresses –TCP, UDP, IP for routing packets, connections –Border Gateway Protocol for routing table updates Translation between IP addresses and domain names –Domain Name System (DNS) CS426Fall 2010/Lecture 334

Threats in Networking Confidentiality –Packet sniffing Integrity –Session hijacking Availability –Denial of service attacks Common –Address translation poisoning attacks –Routing attacks CS426Fall 2010/Lecture 335

CS426Fall 2010/Lecture 336 Concrete Security Problems ARP is not authenticated –APR spoofing (or ARP poisoning) Network packets pass by untrusted hosts –Packet sniffing TCP state can be easy to guess –TCP spoofing attack Open access –Vulnerable to DoS attacks DNS is not authenticated –DNS poisoning attacks

CS426Fall 2010/Lecture 337 Address Resolution Protocol (ARP) Primarily used to translate IP addresses to Ethernet MAC addresses –The device drive for Ethernet NIC needs to do this to send a packet Also used for IP over other LAN technologies, e.g., FDDI, or IEEE Each host maintains a table of IP to MAC addresses Message types: –ARP request –ARP reply –ARP announcement

CS426Fall 2010/Lecture 338

CS426Fall 2010/Lecture 339 ARP Spoofing (ARP Poisoning) Send fake or 'spoofed', ARP messages to an Ethernet LAN. –To have other machines associate IP addresses with the attacker’s MAC Defenses –static ARP table –DHCP snooping (use access control to ensure that hosts only use the IP addresses assigned to them, and that only authorized DHCP servers are accessible). –detection: Arpwatch (sending when updates occur), Legitimate use –redirect a user to a registration page before allow usage of the network

CS426Fall 2010/Lecture 3310 Internet Protocol Connectionless –Unreliable –Best effort Transfer datagram –Header –Data IP VersionHeader Length Type of Service Total Length Identification Flags Time to Live Protocol Header Checksum Source Address of Originating Host Destination Address of Target Host Options Padding IP Data Fragment Offset

CS426Fall 2010/Lecture 3311 IP Routing Internet routing uses numeric IP address Typical route uses several hops Meg Tom ISP Office gateway Source Destination Sequence Packet

CS426Fall 2010/Lecture 3312 Packet Sniffing Promiscuous Network Interface Card reads all packets –Read all unencrypted data (e.g., “ngrep”) –ftp, telnet send passwords in clear! AliceBob Eve Network Prevention: Encryption (IPSEC, TLS)

CS426Fall 2010/Lecture 3313 User Datagram Protocol IP provides routing –IP address gets datagram to a specific machine UDP separates traffic by port (16-bit number) –Destination port number gets UDP datagram to particular application process, e.g., :53 –Source port number provides return address Minimal guarantees –No acknowledgment –No flow control –No message continuation

CS426Fall 2010/Lecture 3314 Transmission Control Protocol Connection-oriented, preserves order –Sender Break data into packets Attach sequence numbers –Receiver Acknowledge receipt; lost packets are resent Reassemble packets in correct order BookMail each pageReassemble book

TCP Sequence Numbers Sequence number (32 bits) – has a dual role: –If the SYN flag is set, then this is the initial sequence number. The sequence number of the actual first data byte is this sequence number plus 1. –If the SYN flag is clear, then this is the accumulated sequence number of the first data byte of this packet for the current session. Acknowledgment number (32 bits) – –If the ACK flag is set then this the next sequence number that the receiver is expecting. –This acknowledges receipt of all prior bytes (if any). CS426Fall 2010/Lecture 3315

CS426Fall 2010/Lecture 3316 TCP Handshake C S SYN (seq=x) SYN ACK (ack=x+1 seq=y) ACK (ack=y+1,seq=x+1) Listening Store data Wait Connected

CS426Fall 2010/Lecture 3317 TCP sequence prediction attack Predict the sequence number used to identify the packets in a TCP connection, and then counterfeit packets. Adversary: do not have full control over the network, but can inject packets with fake source IP addresses –E.g., control a computer on the local network TCP sequence numbers are used for authenticating packets Initial seq# needs high degree of unpredictability –If attacker knows initial seq # and amount of traffic sent, can estimate likely current values –Some implementations are vulnerable

CS426Fall 2010/Lecture 3318 Blind TCP Session Hijacking A, B trusted connection –Send packets with predictable seq numbers E impersonates B to A –Opens connection to A to get initial seq number –DoS B’s queue –Sends packets to A that resemble B’s transmission –E cannot receive, but may execute commands on A Server A B E Attack can be blocked if E is outside firewall.

CS426Fall 2010/Lecture 3319 Risks from Session Hijacking Inject data into an unencrypted server-to-server traffic, such as an exchange, DNS zone transfers, etc. Inject data into an unencrypted client-to-server traffic, such as ftp file downloads, http responses. IP addresses often used for preliminary checks on firewalls or at the service level. Hide origin of malicious attacks. Carry out MITM attacks on weak cryptographic protocols. –often result in warnings to users that get ignored Denial of service attacks, such as resetting the connection.

CS426Fall 2010/Lecture 3320 DoS vulnerability caused by session hijacking Suppose attacker can guess seq. number for an existing connection: –Attacker can send Reset packet to close connection. Results in DoS. –Naively, success prob. is 1/2 32 (32-bit seq. #’s). –Most systems allow for a large window of acceptable seq. #’s Much higher success probability. Attack is most effective against long lived connections, e.g. BGP.

CS426Fall 2010/Lecture 3321 Categories of Denial-of-service Attacks Stopping servicesExhausting resources Locally Process killing Process crashing System reconfiguration Spawning processes to fill the process table Filling up the whole file system Saturate comm bandwidth Remotely Malformed packets to crash buggy services Packet floods (Smurf, SYN flood, DDoS, etc)

CS426Fall 2010/Lecture 3322 SYN Flooding C S SYN C1 Listening Store data SYN C2 SYN C3 SYN C4 SYN C5

CS426Fall 2010/Lecture 3323 SYN Flooding Attacker sends many connection requests –Spoofed source addresses Victim allocates resources for each request –Connection requests exist until timeout –Old implementations have a small and fixed bound on half-open connections Resources exhausted  requests rejected No more effective than other channel capacity- based attack today

CS426Fall 2010/Lecture 3324 Smurf DoS Attack Send ping request to broadcast addr (ICMP Echo Req) Lots of responses: –Every host on target network generates a ping reply (ICMP Echo Reply) to victim –Ping reply stream can overload victim Prevention: reject external packets to broadcast address gateway DoS Source DoS Target 1 ICMP Echo Req Src: Dos Target Dest: brdct addr 3 ICMP Echo Reply Dest: Dos Target

CS426Fall 2010/Lecture 3325 Internet Control Message Protocol Provides feedback about network operation –Error reporting –Reachability testing –Congestion Control Example message types –Destination unreachable –Time-to-live exceeded –Parameter problem –Redirect to better gateway –Echo/echo reply - reachability test –Timestamp request/reply - measure transit delay

CS426Fall 2010/Lecture 3326 Distributed DoS (DDoS)

CS426Fall 2010/Lecture 3327 Hiding DDoS Attacks Reflection –Find big sites with lots of resources, send packets with spoofed source address, response to victim PING => PING response SYN => SYN-ACK Pulsing zombie floods –each zombie active briefly, then goes dormant; –zombies taking turns attacking –making tracing difficult

CS426Fall 2010/Lecture 3328 Cryptographic network protection Solutions above the transport layer –Examples: SSL and SSH –Protect against session hijacking and injected data –Do not protect against denial-of-service attacks caused by spoofed packets Solutions at network layer –Use cryptographically random ISNs [RFC 1948] –More generally: IPsec –Can protect against session hijacking and injection of data denial-of-service attacks using session resets

CS426Fall 2010/Lecture 3329 Readings for This Lecture Optional Reading Steve Bellovin: A Look Back at “Security Problems in the TCP/IP Protocol Suite”Steve Bellovin: A Look Back at “Security Problems in the TCP/IP Protocol Suite”

CS426Fall 2010/Lecture 3330 Coming Attractions … DNS Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.