Download presentation
Presentation is loading. Please wait.
Published byBathsheba Lewis Modified over 9 years ago
1
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)
2
Agenda Basic Networking Firewall Network Attacks Introduction to Port Knocking Mechanism of Port Knocking
3
Introduction Computer network is built on top of protocol stack ◦ OSI Model: 7 layers Operating system perform networking by using network socket as an interface to communicate to other hosts TCP/IP is the most common network protocol stack in modern networking ◦ Each host on the network are associated with an IP address However, there are many application that may be performing network communication at the same time ◦ OS uses ports to identify the applications that need to receive a certain network data *Reference image taken from http://commons.wikimedia.org/wiki/File:Osi-model-jb.png
4
TCP/IP – Internet Protocol Suite A simpler model consist of 5 layers Generally 2 types of packet ◦ TCP Segment ◦ UDP Datagram 3 rd type is a RAW Packet ◦ Used together with RAW Socket ◦ Limited support in Windows ◦ More capabilities possible in UNIX/LINUX environment Network Transport Data Link Application Physical
5
Client and Server Usually Internet services are built around in a Client/Server model ◦ Server that wish to offer services have to “listen” on a certain port using socket for requests ◦ Client send request (follow server’s protocol) and initiate data exchange using a random port This applies to Peer-2-Peer (P2P) hosts ◦ Hosts act as both client and server instead of one at a time ◦ All P2P-hosts “listen” on a certain port The ports that these servers are listening on are referred as an “open” port
6
Port Status Generally, we can classify the status of a port into 3 types (using definition of Nmap) ◦ Open – Active and accessible ◦ Closed – Not active but it is still accessible ◦ Filtered – Unknown Usually we can use a network port scanner to gain knowledge of the status of a certain port ◦ Network Mapper (Nmap) is a famous and popular tool that is freely available Network scan can be legitimate or illegal ◦ To detect and troubleshoot problem of network setup ◦ To perform penetration check on firewall ◦ It can also be used by malicious hacker as a preparation for attack
7
Firewall An open port is susceptible to attacks ◦ It is always accessible remotely ◦ Anyone can connect to it (or try to) A firewall can be used to protect the ports Firewall is a network security measurement ◦ It can protect the host by applying control to the traffic that flow through the network ◦ Can be in the form of software or hardware *Reference image taken from http://www.linksysbycisco.com/static/us/Learning-Center/Network-Security/Protecting-Your-Individual-PC/Software-Firewall/
8
Firewall (cont) Firewall can inspect network traffic ◦ Based on a certain rules, it will allow or drop network packets into/from a host ◦ Rules can be applied to both inbound and outbound network traffic For server that listens to a port to provide a service, there is still a problem ◦ That port must remain open ◦ This create a network security risk Although extra security policy could be apply to mitigate the risk
9
Network Attacks By using tools like Nmap, malicious hacker can find some open ports to penetrate the system Nmap can show the version of the server applications or services or even fingerprint the OS on the host ◦ Some version of the services are vulnerable to certain attack, e.g. SSH v1.2.31 CRC-32 (2001) ◦ These attacks may allow the hacker to gain root (or admin) access, compromise and create more holes in the system Other examples ◦ Buffer-overflow ◦ TCP SYN-Flood ◦ Ping-flood
10
Port Knocking Port Knocking can be seen as a security mechanism for concealing open ports If we were to explain in analogy, port knocking will be comparable to the secret door knock in the old days ◦ To get the door open, one have to knock the correct sequence ◦ There might be another question asking for secret password after knocking correctly Door = Port Secret Knocks = Port Knock Sequence Password = Authentication ◦ e.g. From SSH
11
Port Knocking (cont) Port Knocking works together with Firewall ◦ Giving an extra layer of protection ◦ It is not a replacement for authentication Port Knocking does 3 things: ◦ Concealment – all packets are dropped except those established connection ◦ Service Protection – because all packets are dropped by default, it protects the services behind the ports ◦ User Authentication – only trusted users who knows the secret knocks can open a port and connects to it Port Knocking Firewall Applications (i.e. SSH) Operating System Hardware 2 types of Port Knocking ◦ Vanilla version ◦ Single Packet Authorization (will be explained in next week)
12
Server Port Knock Daemon Mechanism of Port Knocking SSHd Application 22 … Client Port Knock Client SSH Client 5724 … SYN: 5120SYN: 128SYN: 780
13
Mechanism of Port Knocking (cont) Server Port Knock Daemon SSH Application 22 … Client Port Knock Client SSH Client … 5726 SSH Req
14
Port Knocking Explained Port-knock messages will be dropped by the firewall as usual ◦ But the daemon will take note of the knocks Daemon will change firewall rule after receiving the correct knocks ◦ Temporary allow packets from the client to connect the actual port ◦ Once TCP connection is established, additional rules will be added to firewall to allow the entire TCP session Daemon can be implemented in 2 ways: ◦ Tracing the firewall logs ◦ Sniffing packets before it is dropped by the firewall
15
Next Up We will present about SPA and its details on our upcoming presentation After both topic are discussed, we will perform a study on the issues and problems in port knocking Questions?
16
Thank you
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.