Network Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media

Transcription

1 IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright 2008 by Bob Brown Network Concepts Network: two or more computers connected by a communication medium Client-server: a network architecture with a few specialized servers (e.g. file servers, database servers, servers) providing services to many client computers. Computers on a network are called hosts or nodes. Connections are called links. Resilience A system is resilient when it has few or no single points of failure. Also called fault-tolerant. The opposite of resilient is brittle. Large networks tend to be resilient at the center and brittle at the edges. The Network Environment Anonymity Automation Distance Opaqueness Path diversity Network Topology Arrangement of nodes in a shared medium environment Logical topology (data flow) Physical topology (cabling scheme) Concerns: Boundary Ownership Administrative control Transmission Media Bounded media Twisted pair wiring Coaxial cable Optical fiber Unbounded media Terrestrial radio Short-range (Bluetooth) Mid-range (wireless networks) Long-range (microwave) Satellite Infrared 1

2 Protocols Protocols are rules for communicating TCP/IP: Transmission Control Protocol / Internet Protocol; the basic transport protocol of the Internet. HTTP: Hypertext Transfer Protocol; the protocol of the World Wide Web. Uses TCP/IP for transport. So, TCP/IP is a lower level protocol and HTTP is a higher level protocol. The Idea of a Protocol Stack The Internet model is slightly different from and simpler than the OSI model. The OSI Model The Internet Model 7. Application Layer 6. Presentation layer 5. Session Layer 4. Transport Layer 3. Network Layer 2. Data Link Layer 1. Physical Layer SMTP, HTTP, telnet, etc. TCP or UDP Internet Protocol (IP) Ethernet, WAN protocols, etc. Addressing Physical addressing (MAC addressing) Part of the network interface Used for local connections Logical addressing (IP addressing) Inter-network or inter-segment traffic Routers Connect dissimilar networks or dissimilar address spaces Convert format of the message to correspond to the protocol of the other network Network traffic is specifically addressed to the router Connect LANs to wide-area networks Types of Networks Local area networks A department, building, or campus Short distances, small scope Often physically protected Wide area networks Tens to thousands of miles Single control Possibly less physically secure Internetworks: Networks of networks The Internet A Network of Networks A common address space A common name space A collection of common communication protocols 2

3 A Network of Networks Vulnerabilities Anonymity Many points of attack Sharing Complexity Ill-defined perimeter Unknown path (uncertain routing) Why People Attack Challenge Fame/fun Espionage Organized crime Ideology Grudges Hacktivism Cyberterrorism Intelligence Gathering Port scanning Fingerprinting of applications and operating systems Availability of documentation Social engineering Information exchange: Web sites and chats Threats in Transmission Wiretapping Passive Active Susceptibility Bounded Media Packet sniffers Inductive coupling Optical fiber Susceptibility Unbounded media Radio, satellite, etc. Theft of service Protocol Flaws Problems with protocol specifications TCP sequence numbers authentication Problems with implementation Buffer overflows Ping of death 3

4 Impersonation Guessing credentials Access to credentials, e.g. through wiretapping Circumventing authentication Attack unauthenticated targets Attack trust systems, e.g..rhosts and.rlogin Spoofing Attacks Masquerade: One host pretends to be another, as in phishing attacks. Session hijacking Man-in-the-middle attack Confidentiality Threats Mis-delivery Exposure through interception Traffic analysis Integrity Threats Forgery or falsification Format failures Protocol and implementation failures Man-in-the-middle attack Web Sites Defacement Buffer overflow Dot-dot-slash Application vulnerabilities Programming errors Writable file systems SQL injection Cross-site scripting Remote execution Availability Threats Transmission failure Connection flooding echo requests syn flood chargen Ping of death (flaw in MS TCP/IP) Smurf attack (ping to broadcast address) Teardrop (malformed fragmented packets) Distributed DoS 4

5 Availability Threats Traffic redirection: By announcing bogus routes using BGP By compromising DNS Cache poisoning Compromise hosts file Active ( Mobile ) Code Cookies Executable code JavaScript ActiveX Java A word about cryptographic signing Execution by file type, and hidden extensions Where Attacks Come From Accomplished attackers Private business Criminal gangs Governments? Script kiddies A Note on Developing Policy What assets are you trying to protect? What are the risks to those assets? How well does a proposed solution mitigate those risks? What other risks might the security controls cause? What are the costs and trade-offs of the proposed solutions? From Beyond Fear by Bruce Schneier Questions 5