Introduction to the internet spring 2006 instructor arnoldo herrera
This presentation is the property of its rightful owner.
Sponsored Links
1 / 42

Introduction to the Internet Spring 2006 Instructor: Arnoldo Herrera PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Introduction to the Internet Spring 2006 Instructor: Arnoldo Herrera. Course Policies. Class attendance is mandatory. Please arrive in class before the lecture begins.

Download Presentation

Introduction to the Internet Spring 2006 Instructor: Arnoldo Herrera

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Introduction to the internet spring 2006 instructor arnoldo herrera

Introduction to the InternetSpring2006Instructor: Arnoldo Herrera

Course policies

Course Policies

  • Class attendance is mandatory. Please arrive in class before the lecture begins.

  • Cheating and plagiarism are unacceptable.Plagiarismis “to use and pass off as one’s own the ideas or writing of another. It is an act of literacy theft”. If you cheat on a test or plagiarize other students work, you will fail the course.

  • The school policy on plagiarism declares: “Plagiarism is an illegal and unethical activity and will result in the student receiving a FAILING grade on the particular assignment and resubmission will not be allowed”.

  • Assignments must be submitted at the beginning of he class on the due date. (NOTE: No late assignments will be accepted. All submitted work must be original and must be YOUR OWN WORK).

  • Please turn off cell phones and beepers and refrain from background talking during class hours. Electronic devices are not allowed inside the classroom.



Final Grades

Introduction to the internet spring 2006 instructor arnoldo herrera

The Internet Big Picture

  • Evolution of the Internet

    • exponential growth

    • World wide connectivity

  • Security Concept

    • Designed for trusted, cooperative users

    • All security must be handled by the application

Introduction to networks

Introduction to Networks


A collection of interconnected functional units providing data communications

services among components attached to it. These components are comprised of

both hardware and software

To other networks



To other networks

Intrusion detection

Intrusion Detection

“The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators....”

  • Effective defensive measures require accurate detection

  • Intrusion detection systems (IDS) are a critical component of a complete security infrastructure

Introduction to the internet spring 2006 instructor arnoldo herrera


Internal network




Introduction to the internet spring 2006 instructor arnoldo herrera

A little technical detail

  • All Internet data is carried in chunks calledIP packets. (It’s a packet-switched network)

  • Packets are like postcards, they have:

    • a destination address,

    • a source address (unverified),

    • and a message (plainly visible).

  • Packets are also treated like postcards:

    • you send your packets into the network and it takes care of getting them to the destination address.

    • you don’t know what route your packet takes,

Overview of tcp ip internals

Overview of TCP/IP Internals

  • The Protocols

    • • TCP/IP is a suite of protocols including TCP and IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), and several others.

    • • TCP/IP protocol suite does not conform exactly to the Open System Interconnection's seven layer model, but rather is pictured as shown:






Application Layer



Transport Layer



Network Layer

IP Packet

Physical Layer

Overview of tcp ip internals1

Overview of TCP/IP Internals

  • • TCP - Transmission Control Protocol

  • • UDP - User Datagram Protocol

    • - Higher level protocol

    • - Use destination port numbers to identify specific TCP or UDP service

    • - Use source port numbers to distinguish between multiple sessions

    • - Standard destination ports

    • - FTP data - port 20

    • - FTP control - port 21

    • - Telnet - port 23

    • - X11 (X-Windows) - port 6000

    • - SMTP (Simple Mail Transfer Protocol) - port 25

    • - Source ports are random above 1023

Tcp connections

TCP Connections

  • • TCP is a connection oriented protocol (UDP is not)

    • - TCP packets are sequenced

    • - TCP packets are acknowledged

    • - TCP packets are retransmitted, if necessary

  • • Example TCP connection handshake



Syn (1000) Ack = 0

Syn(2000),(1001) Ack = 1

(2001) Ack = 1

. . .

Iso reference model

ISO Reference Model

  • Open Systems Interconnection (OSI)

    • • Describes computer network communications.

    • • Model describes peer-to-peer correspondence, relationship between corresponding layers of sender and receiver.

    • • Each layer represents a different activity performed in the actual transmission of a message.

    • • Each layer serves a separate function

    • • Equivalent layers perform similar functions for sender and receiver

Introduction to the internet spring 2006 instructor arnoldo herrera






Data Link


ISO Reference Model

Presentation, Layer 6

Breaks message into blocks, text


Optional encryption

Application, Layer 7

Initiates message

Optional encryption

Session, Layer 5

Establishes user-to user session, header added

to show sender, receiver and sequencing

information, recover

Transport, Layer 4

Flow control, priority service,

information added concerning

the logical connection

Network, Layer 3

Routing, message blocking into packets,

routing information added to blocks

Data Link, Layer 2

Transmission error recovery, message

separation into frames, optional encryption,

header and trailer added for correct

sequencing and error detection

Physical, Layer 1

Physical signal transmission by individual bits.

Where does ssl live




Where Does SSL Live?

  • SSL resides above the TCP/IP and below HTTP protocols.

Application Layer

Network Layer

What does ssl provide

What Does SSL Provide?

  • Server authentication

  • Client authentication (optional)

  • Data encryption (optional)

What is information security

What is Information Security?

The Fundamentals:

  • Confidentiality (eavesdropping and data theft)

  • Integrity (data corruption and tampering)

  • Availability & Reliability (service denial and data loss)

  • Authentication

Introduction to the internet spring 2006 instructor arnoldo herrera

Security Technology

  • Authentication

  • Cryptography for confidentiality and integrity

  • Perimeter Defense - Firewalls

  • Intrusion Detection Systems

  • Security Scanners - an audit tool

Network security services

Network Security Services

  • There is overlap between these areas. Note that ISO lists the following:

  • Non-repudiation, access control, authentication, data confidentiality,

  • and data integrity

  • Access control

    • Enforcement of security policy when requests for access are made

  • Information Confidentiality

    • Protection of information from unauthorized disclosure

  • Information Integrity

    • Protection of information from unauthorized modification

  • Authentication and Non Repudiation

    • Insure the proper authentication of active system entities. Prevents

    • impersonation or masquerading

    • Prevent the repudiation of prior events

      • - Proof of origin

      • - Proof of receipt

  • Availability

    • Insure that the network services are both available and of appropriate

    • quality

Security problem sniffing

Security Problem: Sniffing

  • Sniffing is the passive effort of eavesdropping on a network line.

  • A network card is put into “promiscuous mode” in order to read packets.

  • Several sniffer programs are available for various protocols.

Security problem sniffing1

Security Problem: Sniffing

  • TCPDump – very popular, sophisticated.

  • Gobbler – MS-DOS based (can run in Windows 95, NT)

  • ETHLOAD – written for Ethernet as well as Token Ring networks with a variety of protocols (TCP/IP, DECnet, OSI, XNS, NetWare, NetBEUI).

  • Netman – offers a graphical model with updating network statistics.

Security problem sniffing2

Security Problem: Sniffing adskfjadqoeiubx dfgouynmihpjm nmn,nmxcvlkjd dfgouynmihpjm

000101010101010101000010 adskfjadqoeiubx dfgouynmihpjm nmn,nmxcvlkjd dfgouynmihpjm




Security problem sniffing3

Security Problem: Sniffing

  • Countermeasures

    • Checking for promiscuous interfaces on a workstation.

    • Log files that are generated are usually large.

    • Active hubs

    • Encryption

      • Kerberos (secret key based service for providing authentication)

      • Ssh

      • Deslogin

      • swIPe

    • One-time passwords

Ip spoofing

IP Spoofing

  • IP Spoofing takes place when an intruder transmits packets from outside a trusted environment.

  • The source IP address field contains an address of a trusted internal host.

Ip spoofing1

IP Spoofing

Ip spoofing2

IP Spoofing

  • IP Spoofing is a problem that is based on the lack of source authentication in version 4 of the Internet protocol.

  • A great deal of applications trust packets based on the source IP address.

  • Coupled with this trust, two assumptions exist which enable “spoofed” packets:

Ip spoofing assumption

IP Spoofing (Assumption)

  • The source IP address must be valid if the packet was able to route itself to a destination and route itself back to the source (with source routing turned off)

Ip spoofing assumption1

IP Spoofing (Assumption)

  • The connection is valid if the sender is able to maintain a conversation on the TCP level.





Ip spoofing3

Filename: ~rcg/.rhosts


IP Spoofing

  • An attack is only possible if the target host has a trust-relationship with at least one other host.

Ip spoofing countermeasure

IP Spoofing: Countermeasure

  • Properly configured firewalls capable of packet filtering provide the best means of defense against the IP spoofing attack.

Ip spoofing4

IP Spoofing

  • IP spoofing alone is mostly limited to providing anonymity for attacks that occur at the IP layer.

  • To perform an attack, IP spoofing must be combined with another strategy (e.g., sequence number prediction).

Security problem tcp sequence number prediction

Security Problem: TCP Sequence Number Prediction

  • TCP sessions are attacked through sequence number prediction.

  • Sequence numbers ensure that the application layer receives data in the same order that it was sent.

Introduction to the internet spring 2006 instructor arnoldo herrera

TCP Sequence Number Prediction

Tcp sequence number prediction

TCP Sequence Number Prediction

  • Segments are encapsulated within IP datagrams and there is no guarantee that the datagrams will follow the same route.

Tcp sequence number prediction1

TCP Sequence Number Prediction

  • The main vulnerability is that if an attacker can guess the correct sequence number, the target host’s TCP layer is capable of accepting any generated TCP segments from the attacker.

Tcp sequence number prediction2

TCP Sequence Number Prediction

  • TCP three-way handshake and data transfer.

Tcp session hijack

Hijacked Host

Attack Host

Target Host

SYN = 2000

Start of 3-way handshake

SYN = 6587, ACK = 2001

ACK = 6588

End of 3-way handshake

DATA= 2001

DATA= 2007

DATA = 2008

ACK = 2008

“ACKs” are Ignored

DATA= 2008

DATA = 2014

“DATAs” are Ignored

ACK = 2015

“ACKs” are Ignored

TCP Session Hijack

Session is now hijacked

Tcp hijacking

TCP Hijacking

  • TCP hijacking is used to dominate any TCP based application (e.g., rlogin, FTP, etc.).

Tcp hijacking countermeasures

TCP Hijacking: Countermeasures

  • Block all IP datagrams from the Internet that are source routed.

  • Block all IP datagrams that have source addresses originating from the internal network.

  • Eliminate all trust relationships between hosts that communicate across the Internet that do not use strong authentication and cryptography (i.e. .rhosts)

Denial of service

Denial of Service

  • Denial of service (DoS) is the class of attack designed to prevent the legitimate use of computers and networks.

  • It is an attack on the availability entity which has the most vulnerability.

  • These attacks are usually part of a larger plan…

Denial of service1

File Destruction

Process Degradation

Storage Degradation

Process/System Shutdown


Denial of Service

Attack Feints

Denial of service2

File Destruction

Denial of Service

  • Access to user, host or network files can render them unusable. Effects include: loss of accounts, services, etc. Viruses containing payloads of destruction as well as email offer attacks. Usenet newsgroups and BBS are also targets.

  • Login