Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise

Network topology The arrangement or mapping of the elements(links, nodes, etc.) of a networklinksnodesnetwork Physical and logical topology

Layer 3 details IP addresses Subnetting – Subnet mask Gateways and route information Getting adjacency info Relaxed security enforcement between machines on the same subnet

Virtual LAN “…. a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location.”Broadcast domain Software for network reconfiguration Traffic segmentation and easy relocations

Layer 4 - Transport Ports and Services Common services listen to well-known ports – IANA – Easy to organize using well-known ports Target for attackers Vulnerable services Port scanning

nmap utility Free, open source utility for network exploration Uses IP packets to determine what hosts are available and up on a network – Port information; Services offered – Versioning information – Used by sysadmins for

Packet Analyzers Network protocol analyzer Interactively browse packet data from a live network tcpdump, netstat GUIs exist

Weak protocols telnet, ftp http vs https – Relevance of digital certificates Software vulnerabilities OS systems and versions SSL toolkit compromises

su and sudo commands switch user command – su with no arguments defaults to root sudo allows execution of commands as root – sudo bash ??? /etc/sudoers files

Firewalls iptables program – Packet filtering Control traffic flow from and to the system – Rule chains – Targets – Session states /etc/sysconfig/iptables – sudo iptables -L

Buffer overflow attacks Buffer overrun: process attempts to store data beyond the allowed memory boundaries Segmentation fault, process termination or even modify the return address Eggs

SQL Injection $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; // our MySQL query builder really should check for injection $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; // the new evil injection query would include a DELETE statement echo "Injection: ". $query_evil; SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '

Homework Exercises 1 – Due March 6, 2009 Get an account on the CS Linux servers and run nmap to gain an understanding on the network, the services available for access, their versioning information. Explain how you can write to /etc/passwd file using passwd command though you do not have rights (as the regular user) to modify the contents of the file.

Homework Exercise 2 – Due March 13, 2006, 5pm Create a firewall rule (iptables) to allow Remote desktop connections to the server optimus.cs.uh.edu only if the connection is from on-campus. Explain if the http support in gmail still maintains the privacy of communication between the browser and gmail server.

Homework Exercise 3 – Due March 23, 2009 at 1pm Even if two users have identical passwords, the hashes of their passwords in the /etc/passwd file or /etc/shadow file are different. How is this done and why is it done? Explain in not more than a page.