
LAN Security


rachel

Presentation Transcript


  1. LAN Security: Don't let them in
  • Networking Review
  • Firewall Techniques
  • Network Attacks
  • Various Implementations

  2. TCP/IP Stack
  • Applications: FTP, Telnet, SNMP, SMTP, TFTP, HTTP, DNS
  • Transport: TCP, UDP
  • IP: IP, ICMP, IGMP, IPsec
  • Data Link (Ethernet): ARP, RARP
  • Physical

  3. Ethernet Frame Encapsulation
  • Ethernet frame length: header 14 bytes, CRC 4 bytes, payload in between
  • 64 <= total length <= 1518 bytes (preamble and start-of-frame delimiter not counted)
  • Ethernet frame payload length: maximum 1500 bytes, minimum 46 bytes
  • Padding to a multiple of ?? (a payload shorter than 46 bytes is padded with zeros; the receiver uses the IP Total Length, not the frame size, to find the end of the datagram, so padding bytes are never part of the packet)
  • Layout: Preamble | Header | Data (>= 46 bytes, padded) | CRC
  • 802.1AE (MACsec) is covered in a separate presentation together with GCM

  4. Ethernet Frame Header
  Bits 0-47: Destination MAC Address
  Bits 48-95: Source MAC Address
  Bits 96-111: Type or Size
  • Type or Size field <= 1500 (0x05dc): size of the 802.3 LLC/SNAP data that follows
  • Type or Size field >= 1536 (0x0600): type of frame (EtherType); values 1501-1535 are undefined
  Value   Meaning
  0x0800  IPv4
  0x86dd  IPv6
  0x0806  ARP
  0x809b  AppleTalk
  0x6559  Frame Relay

  5. What Goes Inside
  • ARP, RARP messages
  • IP datagrams
  • ICMP
  • IGMP
  • TCP
  • UDP

  6. ARP, Address Resolution Protocol
  Resolves an IP address to a MAC address
  Bits 0-15: HW Addr Type | Bits 16-31: Proto Addr Type
  Bits 0-7: HW Addr Len | Bits 8-15: Proto Addr Len | Bits 16-31: Operation
  Sender Hardware Address (6 bytes for Ethernet)
  Sender Protocol Address (4 bytes for IPv4)
  Target Hardware Address
  Target Protocol Address

  7. ARP Operation Codes
  1  ARP request
  2  ARP response
  3  RARP request
  4  RARP response
  5-9  others (DRARP, InARP and similar; see the IANA ARP parameters registry)
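The frame and ARP layouts of slides 3 to 7, turned into a small decoder. This is an added example written for this page, not code from the presentation. The MAC and IP addresses are constructed for illustration (documentation ranges), and the final check, that the ARP sender hardware address agrees with the MAC the frame actually came from, is a standard sanity check added here rather than anything the slides specify; it is legitimately false for proxy ARP and some failover setups, so treat a mismatch as something to look at, not as proof of anything.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP", 0x809B: "AppleTalk", 0x6559: "Frame Relay"}
ARP_OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500          # 64-byte minimum frame less 14-byte header and 4-byte CRC

# Constructed addresses for the example (not real hosts).
GATEWAY_MAC = bytes.fromhex("001122334455")
HOST_MAC = bytes.fromhex("66778899aabb")
OTHER_MAC = bytes.fromhex("0e0e0e0e0e0e")
GATEWAY_IP = bytes([192, 0, 2, 1])
HOST_IP = bytes([192, 0, 2, 10])


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame without preamble or CRC; a short payload is zero-padded to 46 octets."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 octets")
    return dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")


def parse_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-octet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "payload": frame[14:]}
    if type_or_len <= 1500:                      # IEEE 802.3: the field is a length, LLC/SNAP follows
        info.update(kind="802.3 length", length=type_or_len, payload=frame[14:14 + type_or_len])
    elif type_or_len >= 0x0600:                  # Ethernet II: the field is an EtherType
        info.update(kind="EtherType", ethertype=type_or_len,
                    proto=ETHERTYPES.get(type_or_len, "0x%04x" % type_or_len))
    else:                                        # 1501..1535 is undefined by either standard
        info.update(kind="invalid")
    return info


def build_arp(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    # HW type 1 (Ethernet), proto type 0x0800 (IPv4), HW len 6, proto len 4, then the four addresses
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)


def parse_arp(payload: bytes) -> dict:
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": op, "op_name": ARP_OPCODES.get(op, "opcode %d" % op),
            "sha": mac_str(sha), "spa": ".".join(map(str, spa)),
            "tha": mac_str(tha), "tpa": ".".join(map(str, tpa))}


def arp_sender_matches_frame(eth: dict, arp: dict) -> bool:
    """Sanity check (added here): the ARP sender hardware address should be the frame's source MAC."""
    return arp["sha"] == eth["src"]


def decode(frame: bytes) -> dict:
    eth = parse_ethernet(frame)
    if eth.get("proto") == "ARP":
        eth["arp"] = parse_arp(eth["payload"])
        eth["arp_consistent"] = arp_sender_matches_frame(eth, eth["arp"])
    return eth


# Constructed sample frames: a reply from the gateway, the same ARP body sent from a different
# station, and a raw 802.3 frame whose type/size field is a length (3 octets of LLC header).
GOOD_REPLY = build_frame(HOST_MAC, GATEWAY_MAC, 0x0806, build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP))
ODD_REPLY = build_frame(HOST_MAC, OTHER_MAC, 0x0806, build_arp(2, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP))
RAW_8023 = build_frame(HOST_MAC, GATEWAY_MAC, 3, b"\xaa\xaa\x03")

if __name__ == "__main__":
    for name, frame in ("good", GOOD_REPLY), ("odd", ODD_REPLY), ("raw", RAW_8023):
        print(name, decode(frame))
```

A 28-byte ARP message becomes a 60-byte frame on the wire (plus CRC), which is why ARP captures always show trailing zeros; a decoder that trusts the frame length instead of the protocol's own length fields will happily parse that padding.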

  8. IP Datagram (IPv4), RFC 791
  • Internet Protocol
  • Connectionless communication
  • Best-effort delivery
  • Virtual addressing

  9. IP Datagram Format
  Total datagram size constraints: maximum 2^16 - 1 = 65535 bytes
  Header length between 20 and 60 bytes
  Layout: Header | Payload

  10. IP Datagram Header
  Bits 0-3: Ver | 4-7: Hlen | 8-15: Type of Service / Diff. Services | 16-31: Total Length
  Bits 0-15: Identification | 16-18: Flags (Rsv, Frg, Lst) | 19-31: Fragment Offset
  Bits 0-7: Time to Live | 8-15: Protocol | 16-31: Header Checksum
  Source Address (32 bits)
  Destination Address (32 bits)
  Options (variable) | Padding

  11. IP Datagram (cont.)
  Ver: IP version; 4 for this header (6 marks an IPv6 header, which has a different layout)
  Hlen: header length in 32-bit words (5 to 15)
  Total Length: total length of the datagram in octets; Total Length = Header + Payload
  Source Address: IP address of the sender
  Destination Address: IP address of the destination
  Header Checksum: 16-bit one's complement checksum of the header only; it is recomputed at every hop because TTL changes

  12. Service Type Field

  13. Type of Service

  14. Differentiated Services, RFC 2474 & 2475
  • A method for differentiating services for network traffic
  • 6 high-order bits of the field: DSCP, differentiated services code point
  • Determines the PHB, Per-Hop Behavior
  • Often the DSCP is set by a router based on traffic classification
  • Sometimes the DSCP is set based on the content of the packet: VoIP and RTP are treated differently than e-mail
  • RFC 2597 & 2598 defined some DSCP values (RFC 2598 has since been replaced by RFC 3246)

  15. Differentiated Services, Congestion Control
  Field layout: DSCP (6 bits) | ECN (2 bits)
  DSCP, Differentiated Services Code Point
  • Pool 1 (xxxxx0): assigned by standards action
  • Pool 2 (xxxx11): experimental or local use
  • Pool 3 (xxxx01): experimental, reserved for future standards
  ECN, Explicit Congestion Notification
  Differentiated services describes the type of service to be applied to this datagram.
  Congestion notification (the ECT and CE code points) gives devices a way to signal that a link is congested.

  16. Differentiated Services, Assured Forwarding
  Assured Forwarding PHB, RFC 2597
  • DSCP bits 0, 1, 2 determine the class of service (AF1x to AF4x)
  • Packets with the same class are granted similar service: available bandwidth, quality, etc.
  • Service is determined by the router
  • Bits 3, 4 determine the drop precedence: low, medium, high
  • Indicates who gets dropped first during router congestion

  17. Assured ForwardingRFC 2597

  18. Differentiated Services, Expedited Forwarding
  • A Per-Hop Behavior for services such as virtual leased lines
  • Low loss, low latency, low jitter, end-to-end service through a differentiated services domain
  • VoIP, video conferencing, etc.

  19. Expedited ForwardingRFC 3246

  20. Explicit Congestion Notification, RFC 3168
  • Permits routers to mark packets (CE, Congestion Experienced) about congestion rather than dropping them
  • Endpoints indicate that they are ECN capable by setting ECT (ECN-Capable Transport); a router may only set CE on packets that carry ECT

  21. Protocol Field

  22. Time To Live Field
  TTL, Time to live
  Every router that forwards the datagram decrements this field by 1 (and recomputes the header checksum).
  The router that decrements the TTL to zero discards the datagram and responds to the originator with an ICMP Time Exceeded message (type 11, code 0). traceroute relies on exactly this behaviour.

  23. TTL Initialization
  Different OSs initialize this field to different values (commonly 64, 128 or 255), which makes the TTL seen at the receiver one of the inputs to passive OS fingerprinting.

  24. Fragmentation Flags
  Rsv, Frg, and Lst bits
  • Rsv: reserved, must be zero
  • Frg (DF): 0 = may fragment, 1 = do not fragment
  • Lst (MF): 0 = last fragment, 1 = more fragments

  25. Fragment Offset
  This field indicates where, i.e. at which octet in the original datagram payload, this fragment belongs.
  The offset is measured in units of 8 octets (64 bits), so the 13-bit field can address the whole 65535-byte datagram.
  The first fragment has offset zero (0).

  26. Identification
  • The ID field allows all fragments of a datagram to be associated
  • Different OSs choose the ID differently
  • Linux: random ID, then increments by 1
  • BSD: random each time
  • Others: random ID, then increments by 1

  27. IP Options
  Copy  Class  Number  Value  Name
  0     0      0       0      EOOL - End of Options List
  0     0      1       1      NOP - No Operation
  1     0      2       130    SEC - Security
  1     0      3       131    LSR - Loose Source Route
  0     2      4       68     TS - Time Stamp
  1     0      5       133    E-SEC - Extended Security
  1     0      6       134    CIPSO - Commercial Security
  0     0      7       7      RR - Record Route
  1     0      8       136    SID - Stream ID
  1     0      9       137    SSR - Strict Source Route
  1     0      16      144    IMITD - IMI Traffic Descriptor
  1     0      17      145    EIP - Extended Internet Protocol
  0     2      18      82     TR - Traceroute
  1     0      19      147    ADDEXT - Address Extension
  1     0      20      148    RTRALT - Router Alert
  1     0      21      149    SDB - Selective Directed Broadcast
  1     0      23      151    DPS - Dynamic Packet State
  1     0      24      152    UMP - Upstream Multicast Pkt.
  (Value = Copy << 7 | Class << 5 | Number; all options except EOOL and NOP carry a length octet after the type.)

  28. ICMP
  • Internet Control Message Protocol
  • RFC 792
  • Used to return error codes and to perform network testing
  • Sent within an IP datagram (protocol number 1)
  • Highly abused protocol (sweeps, redirects, tunnelling), so firewalls filter it per type rather than blocking it outright; dropping type 3 code 4 breaks path MTU discovery

  29. ICMP Message Format
  Bits 0-7: Message Type | 8-15: Message Code | 16-31: Checksum
  Bits 0-15: Identifier | 16-31: Sequence Number (echo and similar messages; error messages use this word differently)
  Payload

  30. ICMP Message Types
  Type  Description
  0     Echo Reply
  3     Destination Unreachable
  4     Source Quench
  5     Redirect
  8     Echo Request
  9     Router Advertisement
  10    Router Solicitation
  11    Time Exceeded
  12    Parameter Problem
  13    Timestamp
  14    Timestamp Reply
  15    Information Request
  16    Information Reply
  17    Address Mask Request
  18    Address Mask Reply
  30    Traceroute

  31. ICMP Message Codes, Type 0 Echo Reply
  Code  Description
  0     Echo reply (the only code defined)

  32. ICMP Message Codes, Type 3 Destination Unreachable
  Code  Description
  0     Net Unreachable
  1     Host Unreachable
  2     Protocol Unreachable
  3     Port Unreachable
  4     Fragmentation Needed and DF Set
  5     Source Route Failed
  6     Destination Net Unknown
  7     Destination Host Unknown
  8     Source Host Isolated
  etc.

  33. ICMP Message Codes, Type 8 Echo Request
  Code  Description
  0     Echo request (the only code defined)

  34. ICMP Fields
  • Checksum is of the entire ICMP message (header and data)
  • Identifier aids in matching requests to replies (typically one per process)
  • Sequence number aids in matching each reply to the particular request it answers
  • The data field has a number of uses
  • The data field must be padded to an even number of octets for the checksum computation

  35. ICMP Payload
  • Used for information, e.g.
  • Echo request/reply: data that the other side returns unchanged
  • Time Exceeded (and the other error messages): the IP header plus the first 64 bits (8 octets) of the dropped datagram, enough to hold the transport-layer ports so the sender can tell which connection the error belongs to
  • Etc.
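The IPv4 header of slides 10 to 27 and the ICMP messages of slides 28 to 35, as one added example that is not the presentation's code. It builds a TTL-1 echo request carrying a Router Alert option, has a constructed router answer with Time Exceeded, and shows that the embedded IP header plus 8 octets is enough to recover the original identifier and sequence number, which is how traceroute matches replies to probes. The addresses, the ICMP identifier and the option bytes are constructed for the example, and the `build_*`, `parse_*` and `demo` names are chosen here.

```python
import socket
import struct

SRC = socket.inet_aton("192.0.2.10")      # constructed originating host
DST = socket.inet_aton("198.51.100.7")    # constructed destination
ROUTER = socket.inet_aton("203.0.113.1")  # constructed first-hop router

IP_OPTIONS = {0: "EOOL", 1: "NOP", 7: "RR", 68: "TS", 130: "SEC", 131: "LSR", 137: "SSR", 148: "RTRALT"}
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request", 11: "Time Exceeded"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's complement sum of 16-bit words; a trailing odd octet is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_options(raw: bytes) -> list:
    """Walk the option list; a bad length octet is rejected instead of being read past the header."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOOL: only padding follows
            break
        if kind == 1:                      # NOP: the only other single-octet option
            out.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed IP option at offset %d" % i)
        length = raw[i + 1]
        out.append((IP_OPTIONS.get(kind, "type %d" % kind), raw[i + 2:i + length]))
        i += length
    return out


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234, dscp=0, ecn=0, df=True, options=b"") -> bytes:
    options = options.ljust(-(-len(options) // 4) * 4, b"\x00")   # pad with EOOL to a 32-bit boundary
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, (dscp << 2) | ecn, ihl * 4 + len(payload),
                      ident, 0x4000 if df else 0, ttl, proto, 0, src, dst) + options
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    v_ihl, tos, total, ident, ff, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (v_ihl & 0x0F) * 4
    if v_ihl >> 4 != 4 or not 20 <= ihl <= 60 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"ihl": ihl, "dscp": tos >> 2, "ecn": tos & 0x3, "total_length": total, "id": ident,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "frag_offset": (ff & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "checksum_ok": inet_checksum(pkt[:ihl]) == 0,     # a valid header sums to zero with its checksum included
            "options": parse_options(pkt[20:ihl]),
            "truncated": len(pkt) < total,                     # true for the copy carried inside an ICMP error
            "payload": pkt[ihl:total]}


def build_icmp_echo(ident, seq, data: bytes, reply=False) -> bytes:
    body = struct.pack("!BBHHH", 0 if reply else 8, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]   # checksum covers the whole message


def build_icmp_time_exceeded(original: bytes) -> bytes:
    """RFC 792: type 11, code 0; payload is the offending IP header plus the first 64 bits (8 octets) of its data."""
    ihl = (original[0] & 0x0F) * 4
    body = struct.pack("!BBHI", 11, 0, 0, 0) + original[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_icmp(msg: bytes) -> dict:
    kind, code, csum, rest = struct.unpack("!BBH4s", msg[:8])
    info = {"type": kind, "name": ICMP_TYPES.get(kind, "type %d" % kind), "code": code,
            "checksum_ok": inet_checksum(msg) == 0}
    if kind in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", rest)
        info["data"] = msg[8:]
    elif kind in (3, 11):
        # The embedded header + 8 octets identify the original flow; traceroute and stateful
        # firewalls match ICMP errors to connections this way.
        info["inner"] = parse_ipv4(msg[8:])
        info["inner_transport"] = info["inner"]["payload"][:8]
    return info


def demo() -> dict:
    """A TTL-1 echo request with a Router Alert option (EF DSCP), and the router's Time Exceeded reply."""
    probe = build_ipv4(SRC, DST, 1, build_icmp_echo(0xBEEF, 1, b"abcdefgh"),
                       ttl=1, dscp=46, options=b"\x94\x04\x00\x00")
    # The first router decrements TTL to zero, discards the datagram and returns ICMP type 11.
    reply = build_ipv4(ROUTER, SRC, 1, build_icmp_time_exceeded(probe))
    outer = parse_ipv4(reply)
    icmp = parse_icmp(outer["payload"])
    orig_id, orig_seq = struct.unpack("!HH", icmp["inner_transport"][4:8])
    return {"outer": outer, "icmp": icmp, "orig_id": orig_id, "orig_seq": orig_seq}

if __name__ == "__main__":
    print(demo())
```

Two details worth noticing: verifying a header means summing it with its checksum field included and expecting zero, so a router that decrements TTL without recomputing the checksum produces a datagram every later hop will discard; and the option walker bounds-checks the length octet, because a length of 0 or 1 on a multi-octet option is the classic way to make a naive parser loop or read past the header.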

  36. Client-Server Paradigm
  • Layer 4
  • Network applications use the client-server model for communication
  • The client: executes locally; initiates communication with the server
  • The server: executes as a shared resource; waits passively for an arbitrary, unknown client; accepts many connections at the same time

  37. Client-Server Paradigm (cont.)
  • A host system must simultaneously run many server applications
  • It must keep communication with each server application separate
  • The host has only one IP address (per interface)
  • It uses the concept of port numbers to keep each application's traffic apart

  38. Ports
  • Standard port numbers were assigned to server applications by RFC 1700 (the list is now maintained by IANA)
  • A client uses the standard number to request a network service
  • TCP/UDP assigns the client a dynamically allocated (ephemeral) port number
  • The protocol ID (IP header), the two IP addresses and the two port numbers together uniquely identify a server/client conversation

  39. Port Numbers
  • Latest IANA port assignments: http://www.iana.org/assignments/port-numbers
  • Well Known Ports are those from 0 through 1023
  • Registered Ports are those from 1024 through 49151
  • Dynamic and/or Private Ports are those from 49152 through 65535
  • RFC 1700, "Assigned Numbers" (October 1994)

  40. Standard Port Numbers, 0-1023
  • Assigned to well-known network services
  • Primarily used by server applications
  • Controlled by IANA; on Unix-like systems binding to them requires privilege

  41. Some Common Port Numbers (in /etc/services format)
  echo        7/tcp
  echo        7/udp
  ftp-data   20/tcp
  ftp-data   20/udp
  ftp        21/tcp
  ftp        21/udp    fsp fspd
  ssh        22/tcp                   # SSH
  ssh        22/udp                   # SSH
  telnet     23/tcp
  telnet     23/udp
  smtp       25/tcp    mail           # mail
  smtp       25/udp    mail           # mail
  domain     53/tcp                   # name-domain server
  domain     53/udp
  http       80/tcp    www www-http   # WorldWideWeb HTTP
  http       80/udp    www www-http   # http
  kerberos   88/tcp    kerberos5 krb5 # Kerberos v5
  kerberos   88/udp    kerberos5 krb5 # Kerberos v5
  https     443/tcp                   # MCom
  https     443/udp                   # MCom

  42. Layer 4 Protocols
  • UDP, User Datagram Protocol
  • TCP, Transmission Control Protocol

  43. UDP
  • Connectionless transport
  • No guaranteed delivery
  • No error messages from UDP itself; the only feedback is an ICMP error such as Port Unreachable, which may be filtered

  44. UDP Datagram, RFC 768
  Bits 0-15: Source Port | 16-31: Destination Port
  Bits 0-15: UDP Length | 16-31: Checksum
  UDP Data

  45. UDP Header Fields
  • Ports identify the application-layer process at each end
  • Length is in bytes, including the header and data (minimum 8)
  • An odd-length datagram is padded with one zero octet for the checksum computation only; the padding is not transmitted
  • Checksum covers the 16-bit words of a pseudo-header (source and destination IP addresses, protocol, UDP length), the UDP header and the data; a transmitted value of 0 means no checksum was computed (IPv4 only)

  46. TCP
  • Transmission Control Protocol
  • RFC 793
  • Connection oriented
  • Reliable transport
  • Full-duplex communication
  • Stream interface
  • Point-to-point communication

  47. TCP Header Format
  Bits 0-15: Source Port | 16-31: Destination Port
  Sequence Number (32 bits)
  Acknowledgment Number (32 bits)
  Bits 0-3: Offset | 4-7: Unused | 8-15: Flags CWR, ECE, URG, ACK, PSH, RST, SYN, FIN | 16-31: Window
  Bits 0-15: Checksum | 16-31: Urgent Pointer
  Options | Padding

  48. Header Fields, Sequence #
  • Sequence # indicates the byte position of the first octet of the current segment within the data stream
  • Usually starts with a random number (the initial sequence number, ISN) and wraps modulo 2^32
  • If SYN is set, the Seq # is the initial sequence number
  • Each successive Seq # is the previous Seq # + the payload size in octets; SYN and FIN each consume one sequence number as well, even though they carry no data

  49. Header Fields, Acknowledgment #
  • Ack # indicates the next Seq # expected, i.e. that the sender of this segment has correctly received all octets before that point in the stream
  • Ensures the connected stream has not dropped any data (ACK is cumulative: it covers everything up to Ack # - 1)

  50. Header Fields (cont'd)
  • Offset: 4-bit field, the length of the TCP header in 32-bit words, options included
  • Window: 16-bit field, the number of octets the sender of this segment is currently willing to accept
  • Urgent Pointer: offset from the sequence number to the last octet of urgent data in the stream; only meaningful when the URG bit is set, and the receiver may process that data out of band
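The UDP and TCP headers of slides 44 to 50 as an added example, not code from the slides: a checksum over the pseudo-header for both protocols, and the sequence/acknowledgment arithmetic through a three-way handshake, one data segment and a FIN. The client ISN is chosen just below 2^32 so the wrap-around the slide mentions actually happens. The addresses and ports are constructed, and `build_*`, `parse_*`, `next_seq` and `handshake_and_data` are names chosen here.

```python
import socket
import struct

C = socket.inet_aton("192.0.2.10")     # constructed client address
S = socket.inet_aton("198.51.100.7")   # constructed server address
X = socket.inet_aton("203.0.113.99")   # constructed unrelated host

FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG", ECE: "ECE", CWR: "CWR"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's complement sum over 16-bit words; an odd trailing octet is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, proto: int, length: int) -> bytes:
    """12-byte pseudo-header: ties the transport checksum to the IP addresses the segment travelled between."""
    return src + dst + struct.pack("!BBH", 0, proto, length)


def build_udp(src, dst, sport, dport, data: bytes) -> bytes:
    length = 8 + len(data)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo_header(src, dst, 17, length) + hdr + data)
    # A transmitted 0 means "no checksum" in UDP, so a computed 0 is sent as 0xFFFF (same one's complement value).
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + data


def parse_udp(src, dst, seg: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
    if length < 8 or length > len(seg):
        raise ValueError("UDP length field inconsistent with the datagram")
    ok = csum == 0 or inet_checksum(pseudo_header(src, dst, 17, length) + seg[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "checksum_ok": ok, "data": seg[8:length]}


def build_tcp(src, dst, sport, dport, seq, ack, flags, data=b"", window=65535, urgent=0) -> bytes:
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, urgent)  # offset 5 words
    csum = inet_checksum(pseudo_header(src, dst, 6, len(hdr) + len(data)) + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def parse_tcp(src, dst, seg: bytes) -> dict:
    sport, dport, seq, ack, off, flags, window, csum, urgent = struct.unpack("!HHIIBBHHH", seg[:20])
    offset = (off >> 4) * 4          # data offset in 32-bit words, converted to octets, options included
    if offset < 20 or offset > len(seg):
        raise ValueError("TCP data offset inconsistent with the segment")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAG_NAMES.items() if flags & bit],
            "window": window, "urgent": urgent, "options": seg[20:offset], "data": seg[offset:],
            "checksum_ok": inet_checksum(pseudo_header(src, dst, 6, len(seg)) + seg) == 0}


def next_seq(seg: dict) -> int:
    """Sequence space a segment consumes: payload octets plus one each for SYN and FIN, modulo 2^32."""
    return (seg["seq"] + len(seg["data"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])) & 0xFFFFFFFF


def handshake_and_data() -> dict:
    """Handshake, one request segment and the client's FIN; the client ISN sits 16 below 2^32 so acks wrap."""
    c_isn, s_isn = 0xFFFFFFF0, 0x00001000
    syn = parse_tcp(C, S, build_tcp(C, S, 40000, 80, c_isn, 0, SYN))
    synack = parse_tcp(S, C, build_tcp(S, C, 80, 40000, s_isn, next_seq(syn), SYN | ACK))
    ack = parse_tcp(C, S, build_tcp(C, S, 40000, 80, next_seq(syn), next_seq(synack), ACK))
    req = parse_tcp(C, S, build_tcp(C, S, 40000, 80, next_seq(ack), next_seq(synack), PSH | ACK,
                                    b"GET / HTTP/1.0\r\n"))
    data_ack = parse_tcp(S, C, build_tcp(S, C, 80, 40000, next_seq(synack), next_seq(req), ACK))
    fin = parse_tcp(C, S, build_tcp(C, S, 40000, 80, next_seq(req), next_seq(data_ack), FIN | ACK))
    return {"synack_ack": synack["ack"], "ack_ack": ack["ack"], "data_ack": data_ack["ack"],
            "fin_next": next_seq(fin),
            "all_checksums_ok": all(s["checksum_ok"] for s in (syn, synack, ack, req, data_ack, fin))}

if __name__ == "__main__":
    print(handshake_and_data())
    print(parse_udp(C, S, build_udp(C, S, 40000, 53, b"hello udp")))
```

The pseudo-header is the reason a transport checksum fails when a datagram is delivered to the wrong address even though its bytes are intact, and the wrap-around in the handshake is why every sequence comparison in a TCP implementation (or an IDS reassembling streams) has to be done modulo 2^32 rather than with a plain less-than.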
