Securing Network Services

1 Securing Network Services

2 How TCP Works
- Sets up a connection from a port on the source host to a port on the destination host
- Each connection consists of a sequence of numbered packets, each carrying source (port, address), destination (port, address) and flags
  – First packet – SYN (synchronize sequence numbers)
  – Response packet – SYN & ACK
  – Thereafter – ACK
  – Last packet – FIN & ACK
- Ports are associated with services:
  – 21 – FTP
  – 25 – mail (SMTP)
  – 80 – http
  – many, many more
- Based on the client-server model
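As an added illustration (not part of the original slides), the following Python walks a constructed packet trace through the SYN, SYN & ACK, ACK, FIN & ACK sequence described above, maps the server port to the service named on the slide, and flags what a defender would want to see: a half-open connection whose handshake never completed and a packet for which no SYN was ever seen. Addresses, ports and the packet tuple layout are constructed for the example.

```python
# Constructed packet trace: (src_addr, src_port, dst_addr, dst_port, flags)
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 80, {"SYN"}),
    ("10.0.0.9", 80, "10.0.0.5", 40001, {"SYN", "ACK"}),
    ("10.0.0.5", 40001, "10.0.0.9", 80, {"ACK"}),
    ("10.0.0.5", 40001, "10.0.0.9", 80, {"FIN", "ACK"}),
    ("10.0.0.7", 51000, "10.0.0.9", 21, {"SYN"}),   # handshake never completes
    ("10.0.0.8", 52000, "10.0.0.9", 25, {"ACK"}),   # ACK with no prior SYN
]
SERVICES = {21: "FTP", 25: "mail", 80: "http"}  # well-known ports named on the slide

def track_connections(packets):
    """Follow each (client, server) pair through SYN -> SYN/ACK -> ACK -> FIN/ACK."""
    conns = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == {"SYN"}:                 # new connection: the SYN sender is the client
            conns[fwd] = "SYN_SENT"
            continue
        key = fwd if fwd in conns else rev   # replies arrive with the tuple reversed
        state = conns.get(key)
        if state is None:
            conns[fwd] = "UNSOLICITED"       # never saw a SYN for this pair
        elif state == "SYN_SENT" and flags == {"SYN", "ACK"}:
            conns[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and "ACK" in flags:
            conns[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and "FIN" in flags:
            conns[key] = "CLOSED"
    return conns

def report(conns):
    """Name the service on the server port and mark half-open or unsolicited traffic."""
    lines = []
    for (caddr, cport, saddr, sport), state in conns.items():
        service = SERVICES.get(sport, f"port {sport}")
        note = " <- check" if state in ("SYN_SENT", "UNSOLICITED") else ""
        lines.append(f"{caddr}:{cport} -> {saddr} {service}: {state}{note}")
    return lines
```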

3 How UDP Works
- Unreliable delivery of information between systems (no delivery guarantee, no acknowledgement)
- Ports for UDP services:
  – Network Time
  – DNS
  – TFTP
  – Syslog
  – Port 517 – Talk
- Based on stateless distribution of information

4 Application Services
- Domain Name Service (DNS) -- TCP/UDP
  – Replaced /etc/hosts files
  – Tree-structured query system
  – Replies -- either an answer or a reference to a more refined domain
- Mail -- TCP (port 25)
- FTP -- file transfer protocol -- TCP
- HTTP -- World Wide Web -- TCP

5 TCP/IP Services
- Many have security risks
  – Ways to access your computers
  – Information on your computers and your users
- Can block them all (paranoid approach)
- More often -- keep some, block others
- Blocking method -- firewalls

6 General Points
- Will discuss a variety of services with security implications
  – Not a full list of Internet services
  – Not a full list of security problems
- Administrators need to understand the implications before offering a service
  – CERT advisories
  – Configuration options
  – Prudent attitude

7 User Education
- Suspicious network behavior
- Suspicious user behavior
- Who to contact
- When to contact
- Exercises

8 Web
- WWW: World Wide Web
  – System for automated information exchange
  – Allows rapid access to flexibly-presented information
  – Well over 50% of Internet traffic
- Presentation options:
  – Formatted hypertext
  – Bitmap graphics
  – Program execution (CGI scripts, applets, etc.)
  – Audio
  – Movies
  – Many more

9 WWW Threats
- Exploitation of server or script bugs
- Disclosure of unauthorized information
- Interception of confidential information
- Loading of information onto the web client by a rogue server
- Dependence on licensed software

10 WWW Risky Options
- Server-side includes
- Sending from server
- Accessing PERL on server
- Spawning sub-processes
- Calling scripts outside of controlled directories
- Mixing HTTP and anonymous FTP

11 WWW Access Control
- Configure scripts to be read and executed only by the server
- Use prudent access to exported files
- Don't use per-directory access files
- Use certified public keys for access
- Use server-side passwords for access

12 WWW Privacy
- Network-side:
  – Link encryption
  – Document encryption
  – Secure Socket Layer
  – Secure HTTP
  – All subject to limitations on encryption
- Log files:
  – Restrict access
  – Don't retain on the server machine
  – Use syslogd
  – Warn users about logging

13 Web Browsers
- Executing code from the net
- Trusting vendors / licensing
- Dependence on third parties

14 RPC
- Remote Procedure Call
  a) Calling program calls client code and waits
  b) Client code bundles parameters into a message to the server (XDR - external data representation)
  c) Server executes the call with the supplied data, returning the result in a message to the client code
  d) Client code returns the result to the calling program
- Requires:
  – Client knowing the server
  – Client & server agreeing on communication (portmapper)
- Authentication:
  – Auth_none - live fast, die young
  – Auth_UNIX - UID/GID authentication (trust the client)
  – Auth_DES - secret/public key authentication (Diffie/Hellman key exchange, DES encryption)
  – Auth_KERB - Kerberos authentication

15 Kerberos
- Produced for MIT project ATHENA
- Authenticates:
  – User to client and server
  – Client to server
  – Server to client
- Centralized and stateless
- Passwords stored unencrypted on central server
- Never transmitted across network

16 Kerberos Protocols
- Login:
  – User enters username and password
  – Client sends username and current time encrypted with password
  – Server decrypts information and verifies valid user
  – Returns session key encrypted with user password
- Service request:
  – Client sends request to ticket-granting server, encrypted with session key
  – TGS responds with identity of server and encrypted ticket, all encrypted with session key
  – Client passes encrypted ticket to server with client IP and username
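The login exchange above, modelled in Python as an added example that is not part of the original slides and not the real Kerberos implementation: the client sends its username plus the current time encrypted under a password-derived key, the server looks the user up, decrypts, rejects a wrong password or a stale timestamp (which is how a replayed login request is caught), and returns a fresh session key encrypted under the same password key. The cipher is a labelled toy (SHA-256 keystream plus HMAC tag) standing in for Kerberos encryption, the server stores password-derived keys rather than raw passwords, and the user database and 300-second skew limit are constructed for the example.

```python
import hashlib, hmac, json, os

def user_key(password):
    # Key derived from the user's password (simplification: plain SHA-256)
    return hashlib.sha256(password.encode()).digest()

def _keystream(key, nonce, n):
    # Toy keystream for illustration only: SHA-256(key || nonce || counter) blocks
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt(key, data):
    # Stand-in for Kerberos encryption: XOR with keystream, then an HMAC tag
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed KDC database: the server holds each user's password-derived key
KDC_KEYS = {"alice": user_key("correct horse battery")}
MAX_SKEW = 300  # seconds; a timestamp further off than this is treated as a replay

def client_login_request(username, password, now):
    # Slide step 2: username plus current time, encrypted under the password key
    return username, encrypt(user_key(password), json.dumps({"time": now}).encode())

def kdc_login(username, blob, now):
    # Slide steps 3-4: decrypt, verify user and freshness, return an encrypted session key
    key = KDC_KEYS.get(username)
    if key is None:
        return None                          # unknown user
    try:
        msg = json.loads(decrypt(key, blob))
    except ValueError:
        return None                          # wrong password: tag does not verify
    if abs(now - msg["time"]) > MAX_SKEW:
        return None                          # stale timestamp: possible replay
    session_key = os.urandom(32)
    return session_key, encrypt(key, session_key)

def login(username, password, now, kdc_now=None):
    # Runs both sides; returns the session key the client recovers, or None on failure
    reply = kdc_login(*client_login_request(username, password, now), now if kdc_now is None else kdc_now)
    return None if reply is None else decrypt(user_key(password), reply[1])
```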