Presentation is loading. Please wait.

Presentation is loading. Please wait.

Class 12 CSCI 6433 Dave Roberts 1. 2 Agenda FTP TELNET SSH Programming for the Internet Internet Security Summary 2.

Published byJuliana Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "Class 12 CSCI 6433 Dave Roberts 1. 2 Agenda FTP TELNET SSH Programming for the Internet Internet Security Summary 2."— Presentation transcript:

1 Class 12 CSCI 6433 Dave Roberts 1

2 2 Agenda FTP TELNET SSH Programming for the Internet Internet Security Summary 2

3 3 File Transfer Protocol FTP FTP provides the ability to transfer files between computers. FTP uses two TCP connections between client and server: control connection is maintained throughout the session, used only for passing control information data connection is established each time data is sent from server to client or client to server 3

4 4 An FTP Session 4

5 5 TELNET Telnet provides a bidirectional, interactive text- oriented facility using a virtual terminal connection. User data is sent in-band with Telnet control information Telnet provides a command-line interface (usually, to an operating system) on a remote host 5 Question: what transport protocol does Telnet use?

6 6 TELNET and Security Original TELNET implementation had not security Dialogues can be intercepted, including passwords New protocol, SSH, provides features of TELNET along with encryption of communications and authentication Most TELNET installations are not being updated to new security features; SSH is used instead 6

7 7 Secure Shell SSH Cryptographic network protocol for secure data communication, remote command-line login between two networked computers. Connects using a secure channel over an insecure network Server and client run SSH server and SSH client Designed as replacement for TELNET 7

8 8 Program Use of TCP Sockets available for programming are: o Datagram sockets using UPD o Stream sockets using TCP o Raw sockets that use IP Most applications use datagram or stream sockets A socket is identified by: Local socket address (IP address and port number) For TCP only: Remote socket address (IP address and port number) Socket pairs: Socket pair is a 4-tuple of local and remote IP addresses, port numbers o TCP: each socket pair has a socket number o UDP: each socket pair has a socket number How to implement API is left to each operating system 8

9 9 Windows Socket API (Winsock) Provides access to network services in Windows environment Uses TCP/IP Based on Berkeley sockets API API guarantees that conforming application will work with a conforming protocol implementation from any vendor 9

10 Winsock Operation Client Initialize Winsock. Create a socket. Connect to the server. Send and receive data. Disconnect. 10 Server Initialize Winsock. Create a socket. Bind the socket. Listen on the socket for a client. Accept a connection from a client. Receive and send data. Disconnect.

11 11 Some Winsock Commands Accept—permits an incoming connection attempt on a socket Bind—associates a local address with a socket Listen—places a socket in a state of listening for an incoming connection Connect—establishes a connection to a specified socket Send—send data on a connected socket Recv—receive data from a connected socket Transmitfile—transmits file data over a connected socket Closesocket—close an existing socket 11

12 Internet Security 12

13 13 First… A general comment about security. The greatest security weakness is… People! Often, technical weaknesses are exploited by obtaining help from people.

14 14 Information Policy Information policy is essential for security o Who is allowed to access what information o Rules associated with dissemination o Rules for acting on violations People are always the weak links in security o Policy weaknesses cause mistakes o Policy weaknesses can be exploited 14

15 15 Tonight we talk about Internet security, so we’ll omit people from the discussion. But understand that people are the weakest link, and that security policy is required in order for technical protections to work.

16 16 Agenda The Problem Attacks Security measures

17 17 Early vs. later design Later designs tend to have protection features DNS SMTP HTTP The “guts” don’t have good security IP Network Layer

18 18 Attacks Malware Denial-of-service attack Social engineering Eavesdropping Password guessing War dialing—software and modem calls desktop computers, looks for paths into corporate networks Denial of service attacks—overwhelms capacity of a computer so that it can’t process legitimate work Protocol-based attacks—exploiting weaknesses in protocols Source Quench ARP Spoofing Host attacks—exploiting weaknesses in hosts

19 19 Malware Viruses—program that can replicate itself and spread to other computers Trojan horse—program that appears to be harmless but hides malicious functions Spyware—program that collects information with the user’s knowledge Worm—standalone malware that replicates itself in order to spread to other computers Bot—program that runs an automated task over the Internet

20 20 Internet Protocol security Network layer security o IPsec Protocol o TLS (formerly known as SSL) Email security Background Pretty Good Privacy (PGP) Multipurpose Internet Mail Extensions (MIME) Message Authentication Code Firewalls Role of firewalls in Internet security and web security Types of firewalls Packet filters Circuit-level gateways Application-level gateways

21 21 Ipsec core protocols

22 IPsec Authentication Header 22

23 IPsec Encapsulating Security Payload 23

24 24 IPSec Implementation Two methods: 1.Router implementation: implement for pairs of routers that route datagrams outside the organization (“bump in the wire”) 2.End Host Implementation: enables end-to-end security between any two devices on the network (“bump in the stack”)

25 25 IPSec “bump in the wire”

26 26 IPSec “bump in the stack”

27 27 IpSec Modes 1.Transport Mode: protocol protects the message passed from the transport layer 2.Tunnel Mode: protocol protects a complete encapsulated IP diagram after the IP header has been applied

28 28 Transport mode

29 29 Tunnel mode

30 30 TLS (formerly SSL) SSL was originally developed by Netscape through Version 3.0 Now called Transport Layer Security (TLS) Encryption takes place at the application layer Uses asymmetric cryptography for key exchange, symmetric cryptography for information protection, message authentication codes for message integrity

31 31 Uses of SSL Variations of TLS are now in use in HTTP SMTP Internet faxing VOIP

32 32 Connecting Some protocols use a different port number (i.e., port 443 for HTTPS) Others use regular port number, have the client request switching the connection to TLS (i.e., STARTTLS command for SMTP) Once connection is made, then asymmetric cryptography is used to negotiate the session and authenticate Then symmetric cryptography is used to protect the data transfer

33 33 SMTP Security SMTP-AUTH extension (RFC 2554) defines authentication methods for SMTP SMTP-AUTH provides a method to specify a security mechanism, authenticate the exchange and negotiate a security profile Felt to be too complex for widespread adoption Anti-Spam Research Group of the ITEF is working on flexible, lightweight, scalable methods for source authentication

34 34 Security Techniques Perimeter security—provide some kind of network boundary and divide service and network availability between “inside” and “outside”, determining the services and networks available to outsiders, extent to which outsiders can use resources Encryption—used to hide data, used for many aspects of security Authentication and authorization—reliably identify authorized users and allow access Intrusion detection—detecting actions that attempt to compromise confidentiality, integrity or availability of a resource 34

35 35 Internet Security Security is difficult because datagram contents cannot be trusted Datagrams pass through uncontrolled intermediaries, can be changed Authentication based on source addresses can’t be trusted Strong authentication based on encryption is more trustworthy Encryption protects information in transit from change or access A trusted key authority is needed if encryption is to offer more than protection of information while in transit. 35

36 36 Intrusion detection Detecting all possible intrusion attempts is not computable; too many computations, always one more method Typically heuristics, clustering algorithms, statistics are used as the basis for techniques Network IDS (NIDS) examines traffic at all layers, analyzes for suspicious activity WLAN IDS also looks for attempts to connect to rogue devices Host-based IDS (HIDS) analyze traffic and system- specific settings. Installed, configured on each machine.

37 37 IDS Types Signature-based—relies on known traffic patterns, looks for anomalous patterns. Can be fooled by attack that is a small change from normal traffic. Usually very effective. Anomaly-based—detects any traffic that is incorrect or otherwise not normal. Stateful protocol inspection—like anomaly-based detection, but can examine traffic at network, transport layer and vendor-specific traffic at the application layer

38 38 SMTP Security Easy to spoof an email address Many security changes to SMTP have been resisted; some popular features: Checking IP address of a device attempting connection against a “white list” Limiting commands such as EXPN to prevent unauthorized users from determining the e-mail addresses of users on mailing lists. Checking validity of envelope information before accepting a message for delivery. Limiting the size of e-mail messages that may be sent or the number that may be sent in a given period of time. Logging all access to the server to keep records of server use and check for abuse. Encryption can be used along with MIME encoding

39 39 Firewalls Housing—separates garage from house or one apartment from another Automobiles—separates engine from passenger compartment Firewalls are intended to keep a fire localized until residents can escape and help can arrive

40 40 Firewalls Often must protect a network from unwanted communication Internet firewall is the common mechanism for internet access control Firewall placed at the connection to external networks, partitions into two regions, inside and outside Firewalls must be placed at all Internet connections, forming a security perimeter A firewall is a router with filtering capabilities 40

41 41 Firewall Properties 1.Single point connection between 2 or more networks where all traffic must pass 2.Traffic can be controlled through the device 3.All traffic is logged

42 42 Firewall Implementation Routers usually have a function called packet filter—will block datagrams by source, by application, etc. This is most often stateless filtering Often, packet filter is a board in the router No TCP/IP standard for packet filters, left up to vendors 42

43 43 Types of Packet Filters 1.Static—filter rules must be changed manually 2.Dynamic—outside process changes the rules dynamically 3.Stateful inspection—dynamic, but including detailed inspection of data contained in the IP packet Dynamic and stateful firewalls keep a dynamic state table to make changes to the filtering rules based on events

44 44 Packet Filtering Example 44

45 45 Stateful Firewalls Allows clients inside firewall to use services outside the firewall by keeping track of the state of network connections Watches outgoing connections, passes only packets that follow known connection patterns Techniques: Soft state—timer removes inactive state information after a timeout Connection monitoring—firewall watches packets, removes information when flow terminates 45

46 46 Application Firewalls Firewall function at the application level Provides multiple application proxies Understand the operation of an application Check messages and ensure that they follow the pattern of the application Bad messages are not passed on Proxies can sometimes be tricked; important to install new software releases promptly

47 47 Proxy Access Generally it’s impossible to make all computers in an organization secure So one is made secure with application gateways, placed between firewalls This bastion host serves as a proxy for computers inside the network to access the Internet Firewalls are configured to pass only traffic to or from the bastion host Bastion host can inspect contents of traffic going through it, or it can just pass the traffic 47

48 48 One-router dmz 48

49 49 One-router dmz 49

50 Firewall effect From this level of risk To this

51 51 Summary Internet must connect organizations with limited mutual trust IPsec protects at the IP layer, allows authentication or encryption of data, tunneling to protect packet content TLS is used for protection at the transport layer, added to applications IDSes watch for behavior that indicates inappropriate activity Firewalls are used at Internet connections DMZs can provide considerable isolation Note that all of these have been added on to the Internet, rather than designed in at the outset 51

52 What we’ve talked about

53 53 Protocol Dependencies We can now look at a complete picture of Internet protocols and how they depend on each other. The chart illuminates some basic choices of Internet protocol architecture Does today’s technology still require the difference between UDP and TCP? Could ECC be used and a single protocol used to replace both UDP and TCP? 53

54 54 Protocol Dependencies 54

55 55 IP as Universal Connector 55

56 56 Summary Rich functionality of TCP/IP comes from services provided by applications Client on one machine can communicate with a server on a different type of machine Intermediate machines do not have to forward whole messages There are complex interdependencies among the protocols 56

Download ppt "Class 12 CSCI 6433 Dave Roberts 1. 2 Agenda FTP TELNET SSH Programming for the Internet Internet Security Summary 2."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google