
Lecture 22 Network Security



  1. Lecture 22: Network Security
     CS 450/650 Fundamentals of Integrated Computer Security
     Slides are modified from Hesham El-Rewini

  2. Network Performance
     • Gilder’s Law
       • George Gilder projected that the total bandwidth of communication systems triples every twelve months
       • Ethernet: 10 Mbps → 10 Gbps (1000 times)
       • CPU clock frequency: 25 MHz → 2.5 GHz (100 times)
     • Metcalfe's Law
       • Robert Metcalfe projected that the value of a network is proportional to the square of the number of nodes
       • Phone, Internet
     CS 450/650 – Lecture 22: Network Security

  3. Internet
     • The Internet is the collection of networks and routers that
       • forms a single cooperative virtual network
       • spans the entire globe
     • The Internet relies on the combination of the Transmission Control Protocol and the Internet Protocol, or TCP/IP
     • The majority of Internet traffic is carried using TCP/IP packets

  4. ISO OSI Network Model
     [Figure: two hosts, each on a LAN and connected through the Internet, with the seven OSI layers stacked on each side: Application, Presentation, Session, Transport, Network, Data Link, Physical]

  5. TCP/IP
     [Figure: the TCP/IP stack. Applications ssh, sftp and smtp run over the Transmission Control Protocol (TCP), which runs over the Internet Protocol (IP), which runs over link layers such as Token Ring and Ethernet]

  6. TCP/IP Packets
     [Figure: packet layout. Physical Header | IP Header | TCP Header | message]

  7. Addressing
     • MAC (Media Access Control) address
       • Every host connected to a network has a network interface card (NIC) with a unique physical address
     • IP address
       • IPv4 → 32 bits (192.168.48.6)
       • IPv6 → 128 bits

  8. Routing
     • Routers
     • Routing Tables

  9. IP Protocol
     • Best-effort packet delivery service
     • Datagram (IPv4) header layout, one 32-bit word per row:
       VERS | HLEN | SERVICE TYPE | TOTAL LENGTH
       IDENTIFICATION | FLAGS | FRAGMENT OFFSET
       TIME TO LIVE | PROTOCOL | HEADER CHECKSUM
       SOURCE ADDRESS
       DESTINATION ADDRESS
       OPTIONS (IF ANY) | PADDING
       DATA

  10. Internet Control Message Protocol
     • Transmits error messages and reports unusual situations
     • Different types of ICMP message have slightly different formats
     • ICMP time-exceeded message:
       TYPE | CODE | CHECKSUM
       UNUSED (MUST BE ZERO)
       DATA: header and first 64 bits of the offending datagram

  11. ICMP (Echo request/reply)
     • Transmits error messages and reports unusual situations
     • Different types of ICMP message have slightly different formats
     • ICMP Echo Request/Reply message:
       TYPE | CODE | CHECKSUM
       IDENTIFIER | SEQUENCE NUMBER
       DATA (optional)

  12. Ping of Death Attack
     • Denial of service attack (first seen in 1996)
     • Some systems did not handle oversized IP datagrams properly
     • An attacker constructs an ICMP echo request containing 65,510 data octets and sends it to the victim
     • The total size of the resulting datagram would be larger than the 65,535-octet limit specified by IP
     • The system would crash
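The receiver-side check that the Ping of Death slide implies is a bound on fragment reassembly: every fragment's FRAGMENT OFFSET (13 bits, in 8-octet units) plus its payload length must stay inside the 65,535-octet datagram limit. The following is an added example, not code from the lecture; the `Reassembler` class, the 1,480-octet fragment size and the payload bound (65,535 minus a 20-octet header) are assumptions made here to illustrate the check.

```python
# Added example (not from the lecture slides): guarding IPv4 fragment
# reassembly against the oversized-datagram condition the slide describes.
# A receiver places each fragment's payload at offset*8 in a reassembly
# buffer; the defect is never checking that offset*8 + payload length stays
# within the 65,535-octet limit of an IP datagram.
IP_MAX_DATAGRAM = 65_535   # maximum TOTAL LENGTH of an IPv4 datagram (16-bit field)
IP_HEADER_LEN = 20         # minimal IPv4 header, no options (assumption)
MAX_PAYLOAD = IP_MAX_DATAGRAM - IP_HEADER_LEN  # at most 65,515 octets of payload


def fragment_in_bounds(offset_units: int, payload_len: int) -> bool:
    """True if a fragment with this FRAGMENT OFFSET (in 8-octet units)
    and payload length fits inside a legal datagram."""
    return offset_units * 8 + payload_len <= MAX_PAYLOAD


class Reassembler:
    """Minimal reassembly buffer for one (src, dst, id, protocol) key.
    Fragments that would push the datagram past the limit are rejected
    instead of being copied into the buffer."""

    def __init__(self):
        self.buffer = bytearray()
        self.received = []     # (start, end) ranges accepted so far
        self.total_len = None  # set once the last fragment (MF=0) arrives
        self.rejected = 0

    def add(self, offset_units: int, more_fragments: bool, payload: bytes) -> bool:
        if not fragment_in_bounds(offset_units, len(payload)):
            self.rejected += 1
            return False
        start = offset_units * 8
        end = start + len(payload)
        if end > len(self.buffer):
            self.buffer.extend(b"\x00" * (end - len(self.buffer)))
        self.buffer[start:end] = payload
        self.received.append((start, end))
        if not more_fragments:
            self.total_len = end
        return True

    def complete(self) -> bool:
        """True when every octet from 0 to total_len has been received."""
        if self.total_len is None:
            return False
        covered = 0
        for start, end in sorted(self.received):
            if start > covered:
                return False   # gap in the data
            covered = max(covered, end)
        return covered >= self.total_len


def ping_of_death_fragments():
    """Constructed fragment list mimicking the slide's 65,510-octet echo
    request: 8 octets of ICMP header + 65,510 data octets = 65,518 octets
    of IP payload, carried in 1,480-octet fragments (Ethernet MTU of 1500
    minus a 20-octet IP header). Offsets are in 8-octet units."""
    payload_total = 8 + 65_510
    frags, pos = [], 0
    while pos < payload_total:
        size = min(1_480, payload_total - pos)
        more = (pos + size) < payload_total
        frags.append((pos // 8, more, b"\x41" * size))
        pos += size
    return frags


def reassemble(frags) -> Reassembler:
    r = Reassembler()
    for offset_units, more, payload in frags:
        r.add(offset_units, more, payload)
    return r
```

With the bound in place the final fragment (offset 8140, 398 octets, ending at octet 65,518) is refused, the datagram never completes, and the buffer never grows past the limit; a normal two-fragment datagram reassembles as before.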

  13. SMURF
     • Attacker sends an echo request message to a broadcast address
     • Attacker also spoofs the source address in the request
     [Figure: the three parties: Attacker, Intermediary, Victim]

  14. UDP (User Datagram Protocol)
     • From one application to another
       • multiple destinations
     • Port → positive integer
       • unique destination
     • UDP datagram layout:
       SOURCE PORT | DESTINATION PORT
       LENGTH | CHECKSUM (optional)
       DATA

  15. Attacks on UDP
     • Fraggle
     • Trinoo

  16. Fraggle (similar to smurf)
     • UDP port 7 is used for the echo service
     • An attacker can create a stream of user datagrams with random source ports and a spoofed source address
     • The destination port is 7 and the destination address is a broadcast address at some intermediate site
     • The attack can get worse if the source port = 7
     • Could be prevented by filtering out UDP echo requests destined for broadcast addresses
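The filter the Fraggle slide recommends, applied to both amplifier variants on these slides (ICMP echo requests for Smurf, UDP port-7 datagrams for Fraggle) and extended with the companion ingress/egress anti-spoofing rule that keeps a site from emitting the spoofed requests in the first place. This is an added example, not code from the lecture; the packet-record shape, the site prefix `192.0.2.0/24` and the sample records are constructed for it.

```python
# Added example (not from the lecture): drop echo requests aimed at broadcast
# addresses (the Smurf/Fraggle amplifier defence) and refuse packets whose
# source address cannot legitimately arrive on the interface they came in on.
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed: the site's own prefix
ECHO_UDP_PORT = 7            # UDP echo service
ICMP_ECHO_REQUEST = 8        # ICMP type value for echo request


def is_broadcast(dst: str, net: ipaddress.IPv4Network) -> bool:
    """Limited broadcast (255.255.255.255) or the directed broadcast of `net`."""
    addr = ipaddress.ip_address(dst)
    return addr == ipaddress.ip_address("255.255.255.255") or addr == net.broadcast_address


def classify(pkt: dict, iface: str) -> str:
    """Return 'drop:<reason>' or 'accept' for one packet record.

    pkt keys (constructed shape): proto ('icmp'|'udp'|'tcp'), src, dst,
    'type' for ICMP, 'sport'/'dport' for UDP and TCP. iface is 'external'
    for packets arriving from the Internet, 'internal' for packets leaving.
    """
    src = ipaddress.ip_address(pkt["src"])
    # Anti-spoofing: our own prefix cannot arrive from outside, and a foreign
    # source cannot originate inside (so we never emit a spoofed request).
    if iface == "external" and src in INTERNAL_NET:
        return "drop:spoofed-internal-source"
    if iface == "internal" and src not in INTERNAL_NET:
        return "drop:spoofed-external-source"
    # Amplifier defence: echo requests aimed at a broadcast address.
    if is_broadcast(pkt["dst"], INTERNAL_NET):
        if pkt["proto"] == "icmp" and pkt.get("type") == ICMP_ECHO_REQUEST:
            return "drop:smurf-broadcast-echo"
        if pkt["proto"] == "udp" and pkt.get("dport") == ECHO_UDP_PORT:
            return "drop:fraggle-broadcast-udp-echo"
    return "accept"


SAMPLE_PACKETS = [  # constructed records, not captured traffic
    ("external", {"proto": "icmp", "type": 8, "src": "198.51.100.9", "dst": "192.0.2.255"}),
    ("external", {"proto": "udp", "sport": 40123, "dport": 7, "src": "198.51.100.9", "dst": "192.0.2.255"}),
    ("external", {"proto": "udp", "sport": 7, "dport": 7, "src": "198.51.100.9", "dst": "255.255.255.255"}),
    ("external", {"proto": "icmp", "type": 8, "src": "192.0.2.10", "dst": "192.0.2.20"}),
    ("internal", {"proto": "udp", "sport": 5555, "dport": 7, "src": "203.0.113.5", "dst": "192.0.2.255"}),
    ("external", {"proto": "icmp", "type": 8, "src": "198.51.100.9", "dst": "192.0.2.20"}),
    ("external", {"proto": "tcp", "sport": 50000, "dport": 22, "src": "198.51.100.9", "dst": "192.0.2.20"}),
]


def run_filter(records=SAMPLE_PACKETS):
    return [classify(pkt, iface) for iface, pkt in records]
```

Unicast echo requests still pass, so ordinary ping keeps working; only the broadcast-directed requests that make a site act as an amplifier are dropped.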

  17. Fraggle attack
     [Figure: two variants of the stream of UDP datagrams sent to the intermediate site. Variant 1: spoofed source = victim’s host, broadcast destination, random source port, destination port = 7. Variant 2: spoofed source = victim’s host, broadcast destination, source port = 7, destination port = 7]

  18. Trinoo
     • Distributed denial of service
     • In smurf and fraggle, traffic comes from a single intermediate node
     • Trinoo allows the attacker to flood the victim from hundreds of intermediate sites simultaneously
     • Two programs:
       • master and
       • daemon
     • installed in many different stolen accounts

  19. Trinoo attack
     [Figure: attacker → several masters → many daemons → large number of UDP packets to random ports at the victim]

  20. TCP
     • Reliable delivery
     • TCP messages are sent inside IP datagrams
     • TCP segment layout, one 32-bit word per row:
       SOURCE PORT | DESTINATION PORT
       SEQUENCE NUMBER
       ACKNOWLEDGMENT
       HLEN | RESV | CODE BITS | WINDOW
       CHECKSUM | URGENT POINTER
       OPTIONS (IF ANY) | PADDING
       DATA
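The header layouts on the IP, ICMP, UDP and TCP slides can be decoded with the standard library alone, and the IPv4 HEADER CHECKSUM verified, which is the first check a packet filter or IDS makes before trusting any other field. The following is an added example, not code from the lecture; the `build_ipv4` helper and the two sample packets are constructed here so the parser runs offline.

```python
# Added example (not part of the lecture): decoding the header fields shown on
# the slides and verifying the IPv4 header checksum. Sample packets are
# constructed below, not captured traffic.
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ones_complement_sum(data: bytes) -> int:
    """The Internet checksum: 16-bit one's-complement sum, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Fields of the IPv4 datagram slide, in order, plus a checksum check."""
    vers_hlen, tos, total_len, ident, flags_frag, ttl, proto, hcs, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    hlen = (vers_hlen & 0x0F) * 4
    hdr = {
        "version": vers_hlen >> 4, "hlen": hlen, "service_type": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "header_checksum": hcs,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": pkt[20:hlen],
    }
    # Summing the header with the checksum field as sent must give zero.
    hdr["checksum_ok"] = ones_complement_sum(pkt[:hlen]) == 0
    payload = pkt[hlen:total_len]
    if proto == PROTO_ICMP:
        hdr["icmp"] = parse_icmp(payload)
    elif proto == PROTO_UDP:
        hdr["udp"] = parse_udp(payload)
    elif proto == PROTO_TCP:
        hdr["tcp"] = parse_tcp(payload)
    return hdr


def parse_icmp(seg: bytes) -> dict:
    icmp_type, code, cks = struct.unpack("!BBH", seg[:4])
    out = {"type": icmp_type, "code": code, "checksum": cks}
    if icmp_type in (0, 8):            # echo reply / echo request slide
        out["identifier"], out["sequence"] = struct.unpack("!HH", seg[4:8])
        out["data"] = seg[8:]
    elif icmp_type == 11:              # time-exceeded slide
        out["unused"] = seg[4:8]
        out["offending_header"] = seg[8:28]        # IP header of the offending datagram
        out["offending_first_64_bits"] = seg[28:36]
    return out


def parse_udp(seg: bytes) -> dict:
    sport, dport, length, cks = struct.unpack("!HHHH", seg[:8])
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": cks, "data": seg[8:length]}


def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, hlen_resv, code_bits, window, cks, urg = \
        struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (hlen_resv >> 4) * 4
    flags = {name: bool(code_bits & bit) for name, bit in
             (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
              ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "code_bits": flags, "window": window,
            "checksum": cks, "urgent_pointer": urg,
            "options": seg[20:hlen], "data": seg[hlen:]}


def build_ipv4(proto: int, src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """Constructed helper: a minimal (no options) IPv4 datagram with a correct checksum."""
    total = 20 + len(payload)
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, ttl, proto, 0, src_b, dst_b)
    cks = ones_complement_sum(hdr)
    return hdr[:10] + struct.pack("!H", cks) + hdr[12:] + payload


# Constructed samples: a TCP SYN to port 22 and an ICMP echo request.
SYN_SEGMENT = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 0x50, 0x02, 65535, 0, 0)
SAMPLE_SYN = build_ipv4(PROTO_TCP, "192.0.2.10", "198.51.100.5", SYN_SEGMENT)
ECHO = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"
SAMPLE_ECHO = build_ipv4(PROTO_ICMP, "192.0.2.10", "198.51.100.5", ECHO)
```

Flipping any header byte (the TTL, say) makes `checksum_ok` false, which is why a forged or truncated header is caught before the protocol-specific fields are even looked at.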

  21. TCP Overview
     • TCP segments are sent inside IP datagrams
     • TCP divides a stream of data into chunks that fit in IP datagrams
     • It ensures that each datagram arrives at its destination
     • It then reassembles the datagrams to produce the original message

  22. TCP Overview (cont.)
     • TCP uses an acknowledgment-and-retransmission scheme
     • The TCP sending software keeps a record of each datagram and waits for an acknowledgment
     • If no acknowledgment is received during the timeout interval, the datagram is retransmitted

  23. TCP communication
     • Establishing a TCP connection using a 3-way handshake:
       Message 1: Host A → Host B (SYN + SEQ)
       Message 2: Host B → Host A (SYN + SEQ + ACK)
       Message 3: Host A → Host B (ACK)
     • Closing a TCP connection (one way, A to B):
       Message 1: Host A → Host B (FIN + SEQ)
       Message 2: Host B → Host A (ACK)

  24. Attacks on TCP
     • SYN Flood
       • Half-open connection table
     • LAND
       • Spoofed source address = destination address
       • Source port = destination port
       • Certain implementations → freezing
     • TRIBE Flood Network (TFN)
       • Similar to trinoo but more than one attack
       • UDP flood, smurf, SYN floods, and others
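The three-way handshake on slide 23 and the half-open connection table on slide 24 are two views of the same server-side state: an entry is created on message 1 (SYN) and removed on message 3 (ACK), so a sender that never completes step 3 leaves entries behind until the table is full. The model below is an added example, not code from the lecture; the `Server` class, its backlog of 128, the initial sequence numbers and the constructed flood are assumptions made for illustration, and the ratio detector at the end is one simple way to notice the condition.

```python
# Added example (not from the lecture): a model of the TCP three-way handshake
# and of the server's half-open connection table, with a SYN flood against it.
# Messages are (flags, seq, ack) tuples; all traffic here is constructed.
SYN, SYN_ACK, ACK = "SYN", "SYN+ACK", "ACK"


class Server:
    def __init__(self, backlog: int = 128, isn: int = 5000):
        self.backlog = backlog            # size of the half-open table (assumption)
        self.half_open = {}               # (client, port) -> ACK value we expect back
        self.established = set()
        self.dropped_syn = 0              # SYNs refused because the table was full
        self.isn = isn

    def receive(self, client, port, msg):
        """Handle one message from (client, port); return the reply or None."""
        flags, seq, ack = msg
        if flags == SYN:                                   # message 1: SYN + SEQ
            if len(self.half_open) >= self.backlog:
                self.dropped_syn += 1
                return None
            self.isn += 1
            self.half_open[(client, port)] = self.isn + 1  # ACK that completes it
            return (SYN_ACK, self.isn, seq + 1)            # message 2: SYN + SEQ + ACK
        if flags == ACK and (client, port) in self.half_open:
            if ack == self.half_open[(client, port)]:      # message 3: ACK
                del self.half_open[(client, port)]
                self.established.add((client, port))
        return None


def legitimate_client(server, client, port, isn=100) -> bool:
    """Complete handshake: send SYN, read SYN+ACK, answer with ACK."""
    reply = server.receive(client, port, (SYN, isn, 0))
    if reply is None:
        return False                       # SYN was refused
    _, server_seq, _ = reply
    server.receive(client, port, (ACK, isn + 1, server_seq + 1))
    return (client, port) in server.established


def syn_flood(server, n):
    """Send n SYNs from distinct (constructed, spoofed) sources and never answer the SYN+ACK."""
    for i in range(n):
        src = "203.0.113.%d" % (i % 254 + 1)
        server.receive(src, 1024 + i, (SYN, 1000 + i, 0))


def half_open_ratio(server) -> float:
    """Detector: share of handshakes that never completed; near 1.0 under a flood."""
    started = len(server.half_open) + len(server.established)
    return len(server.half_open) / started if started else 0.0


def simulate(flood_size=200):
    srv = Server(backlog=128)
    before = legitimate_client(srv, "192.0.2.10", 40000)   # succeeds on an idle server
    syn_flood(srv, flood_size)
    after = legitimate_client(srv, "192.0.2.11", 40001)    # refused: table is full
    return {"before": before, "after": after, "half_open": len(srv.half_open),
            "dropped": srv.dropped_syn, "ratio": round(half_open_ratio(srv), 2)}
```

The point the model makes is that the legitimate client is refused not because the server is out of bandwidth or CPU but because a small fixed table is full of entries nobody will ever complete; a timeout on half-open entries, or a ratio like the one above feeding an alert, is where a defence starts.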

  25. Probes and Scans
     • Ping scan and traceroute
       • What machines exist on a given network and how they are arranged
     • Remote OS fingerprinting
       • What OS each detected host is running
       • Different OSs respond to invalid packets differently
       • Example: FIN to a connection that has not been opened

  26. Probes and Scans
     • Port Scanning
       • Which ports are open? → port scanner
       • Open a TCP connection and close it immediately
       • Use half-open connections
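From the defender's side, the probes on the last two slides have a recognisable shape in a connection log: a ping sweep is one source sending echo requests to many hosts, and a port scan is one source sending SYNs to many ports on one host within seconds, whether or not the handshakes are completed (counting SYNs catches both the connect-and-close and the half-open variant). The detector below is an added example, not code from the lecture; the log format, the sample lines and the thresholds are constructed for it.

```python
# Added example (not from the lecture): flagging ping sweeps and port scans in
# a constructed connection log. Format: "<ts> <src> <dst> icmp <type>" or
# "<ts> <src> <dst> tcp <dport> <flag>".
from collections import defaultdict

LOG_LINES = """\
1700000001 192.0.2.77 198.51.100.5 icmp echo-request
1700000001 192.0.2.77 198.51.100.6 icmp echo-request
1700000002 192.0.2.77 198.51.100.7 icmp echo-request
1700000002 192.0.2.77 198.51.100.8 icmp echo-request
1700000003 192.0.2.77 198.51.100.9 icmp echo-request
1700000010 198.51.100.21 198.51.100.5 tcp 22 syn
1700000010 198.51.100.21 198.51.100.5 tcp 22 syn-ack
1700000010 198.51.100.21 198.51.100.5 tcp 22 ack
1700000020 203.0.113.9 198.51.100.5 tcp 21 syn
1700000020 203.0.113.9 198.51.100.5 tcp 22 syn
1700000020 203.0.113.9 198.51.100.5 tcp 23 syn
1700000021 203.0.113.9 198.51.100.5 tcp 25 syn
1700000021 203.0.113.9 198.51.100.5 tcp 80 syn
1700000021 203.0.113.9 198.51.100.5 tcp 110 syn
1700000022 203.0.113.9 198.51.100.5 tcp 143 syn
1700000022 203.0.113.9 198.51.100.5 tcp 443 syn
1700000022 203.0.113.9 198.51.100.5 tcp 3306 syn
1700000023 203.0.113.9 198.51.100.5 tcp 8080 syn
"""


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ev = {"ts": int(parts[0]), "src": parts[1], "dst": parts[2], "proto": parts[3]}
        if ev["proto"] == "tcp":
            ev["port"], ev["flag"] = int(parts[4]), parts[5]
        else:
            ev["type"] = parts[4]
        events.append(ev)
    return events


def max_distinct_in_window(hits: list, window: int) -> int:
    """hits: sorted (ts, value) pairs. Largest number of distinct values
    seen in any span of `window` seconds that starts at one of the hits."""
    best = 0
    for i, (t0, _) in enumerate(hits):
        vals = {v for t, v in hits[i:] if t - t0 <= window}
        best = max(best, len(vals))
    return best


def detect_ping_sweeps(events, window=10, min_hosts=4) -> list:
    """One source, many destination hosts pinged within `window` seconds."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["proto"] == "icmp" and ev.get("type") == "echo-request":
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))
    alerts = []
    for src, hits in by_src.items():
        hosts = max_distinct_in_window(sorted(hits), window)
        if hosts >= min_hosts:
            alerts.append({"kind": "ping-sweep", "src": src, "hosts": hosts})
    return alerts


def detect_port_scans(events, window=10, min_ports=8) -> list:
    """One (src, dst) pair, SYNs to many distinct ports within `window` seconds."""
    by_pair = defaultdict(list)
    for ev in events:
        if ev["proto"] == "tcp" and ev["flag"] == "syn":
            by_pair[(ev["src"], ev["dst"])].append((ev["ts"], ev["port"]))
    alerts = []
    for (src, dst), hits in by_pair.items():
        ports = max_distinct_in_window(sorted(hits), window)
        if ports >= min_ports:
            alerts.append({"kind": "port-scan", "src": src, "dst": dst, "ports": ports})
    return alerts


def analyse(text: str = LOG_LINES) -> list:
    events = parse_log(text)
    return detect_ping_sweeps(events) + detect_port_scans(events)
```

The host at 198.51.100.21 completes one ordinary handshake to port 22 and is not flagged; the thresholds are deliberately conservative so that a busy but legitimate client does not trip them.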
