ISO OSI 7 Layer model and 802. Introduction to wireless security. ISO OSI 7 Layer model and 802. ISO OSI 7 Layer model and 802. many topics to cover

Transcription

1 Introduction to wireless security slide 1 ISO OSI 7 Layer model and 802 slide 2 many topics to cover practicals will include use of Python to demonstrate theoretical concepts heavy use of secure shell in later weeks books Security, O Reilly, bybruce Potter and Bob Fleck SSH The Secure Shell, The Definitive Guide, O Reilly, bydaniel Barrett and Richard Silverman OSI data link layer OSI physical layer 802 LLC (Logical Link Control) MAC (Media Access Control) b a g ISO OSI 7 Layer model and 802 slide 3 ISO OSI 7 Layer model and 802 slide 4 Physical layer specifications PHYMax Data RateFrequency Modulation Mb/s 2.4GHz and IRFHSS and DSSS b 11Mb/s 2.4GHz DSSS a 22Mb/s 2.4GHz OFDM g 54Mb/s 5GHz OFDM n 74Mb/s 5GHz unknown n specification was released October 2009 throughput 54 Mb/s..600 Mb/s (depending upon modulation type and coding rate) key MAC =media access control (CSMA/CD 802.3) (CSMA/CA ) LLC = logical link control (packet format) FHSS = frequency hopping spread spectrum DSSS = direct sequence spread spectrum OFDM = orthogonal frequency division multiplexing

2 / Support Protocols slide 5 Denial of service slide 6 are another reason /s popularity DOS attacks aim to prevent access to resources by traffic choking the network may occur at any ofthe ISO OSI layers user process user process OSI Layers 5..7 can also occur by physical removal ofequipment ie disconnection more commonly the term refers to traffic choking UDP OSI Layer 4 ICMP ARP RARP OSI Layer 3 hardware interface OSI Layer 1..2 /UDP model slide 7 Header format slide source port destination port Reliable Stream () User Datagram (UDP) sequence number Internet () acknowledgement number Network Interface (802.3, , PPP, SL) HL reserved code EN bits checksum window urgent pointer options (if any) padding DATA

3 Header format slide 9 Header format slide 10 HLEN 4 bits header length = n 32 URG ACK PSH RST FIN CODE field meaning urgent pointer field valid ack field valid segment needs push reset connection synchronize sequence no.s sender reached end Services offered by / slide 11 operation slide 12 Layer Process Transport NN TP HT PO RC TP P3 MDS Protocols X rpc xdr NFS D N S TF TP UDP SN NP N T P DH CP Internet [ICMP, ARP, RARP] [EGP, BGP, IGMP] Data Link Data Link Data Link leased line Network SL PPP

4 Connection slide 13 slide 14 Denial of service: Flooding connection is via (request connection) server replies with ACK client sends ACK and connection is established a implementation typically only allows simultaneous connection establishments not to be confused with simultaneous connections, which are normally measured in 1000 s Client making a connection ACK ACK Server receiving a connection request flooding is where an attacker sends multiple s to a victim, flooding the establishment buffer normally implementations reset half open connections after several minutes provides a valuable window ofopportunity for attacker slide 15 Denial of service: Flooding Denial of service: Land attack slide 16 Attacker ACK Victim Server attacker creates false packet src address = victim.co.uk src port number = dest port number dest address = victim.co.uk ACK note the absence of an ACK from attacker victim does not know whether being attacked or message delay attacker sends packet and watches victim lock up or crash! solution firewall must be set up disallow any packet with same src/dest addresses inner router should be configured to only allow outgoing packets having source address of internal network

5 SSL slide 17 Denial of service: Smurf Attack slide 18 secure sockets layer is a security protocol that provides communications privacy across the Internet independent of application protocol when connection establishment occurs client and server exchange certificates both sides use certificates to encrypt and sign all information sent attacker.co.uk sets dest address as broadcast src address as victim.co.uk tcp port as chargen chargen generates a continual ASCII alphabet solution disable chargen application protocols remain identical however transport layer is encrypting and signing SSL is being superceeded by TLS (Transport Layer Security) Denial of service: Smurf Attack slide 19 Other varients of Smurf slide 20 can you think of a variant? attacker.co.uk 1packet sent m1 m2 m3 m4 m254 infinite packets victim.co.uk

6 Other varients of Smurf slide 21 Other varients of Smurf slide 22 obtain the sources to ping, and alter so that it continually sends ICMP packets, without any delay between transmission attacker creates false redirect ICMP packets with dest = nowhere.man src = broadcast.victim.co.uk dest = broadcast address src = victim.co.uk