Solution of Exercise Sheet 5




Foundations of Cybersecurity (Winter 15/16)
Prof. Dr. Michael Backes
CISPA / Saarland University

[Figure 1: Communication scenario. A client and a server, each with IP Address = ????, communicating with Protocols = {????}.]

1 Network packets

Figure 1 shows the communication scenario for which a network trace (exercise-5.pcapng) has been provided. The first task is to identify the actors and the protocols involved in the communication.

(1 point) i. Identify the IP address of the client and the IP address of the server.
Client IP address = 192.168.56.1
Server IP address = 192.168.56.101

(2 points) ii. List at least 3 application layer protocols that the client has used to establish a communication with the server.
Application layer protocols: HTTP, TELNET, SSH

(3 points) iii. Are these protocols secure or insecure? If they are insecure, what would be your suggestion for a replacement?
HTTP and TELNET are insecure protocols. The secure replacements for these protocols are HTTPS and SSH.

2 Packet Structure

[Figure 2: IP Header. Fields: Version (4 bits), Header Length (4 bits), Type of service (8 bits), Total Length (16 bits), Identification, Flags, Fragment Offset, Time to live (TTL), Protocol, Checksum, Source IP Address (32 bits), Destination IP Address (32 bits), Options, Data.]

[Figure 3: TCP Header. Fields: Source Port Number (16 bits), Destination Port Number (16 bits), Sequence Number, Acknowledgement Number, Checksum, Control Bits (9 bits), Window Size, Urgent Pointer, Options, Data.]

Select a packet which has HTTP as its protocol and whose Info column says GET. Take a closer look to see the similarities and differences between it and the TCP/IP model as described in the lecture. In Wireshark, the protocol blocks are shown in the middle panel, i.e., the details view. To expand a block and get all the details for the selected packet, click on the + sign. Spend some time trying to understand the layered communication and answer the following questions:

(2 points) i. Examine the selected HTTP request and identify the transport and the internet layer. Figures 2 and 3 show the header formats of IP and TCP and the different options in the header, as discussed in the lecture. Your task is to fill in the marked cells with the appropriate values from the selected HTTP request.
The packet trace provided for the exercise sheet contains two HTTP GET requests. Depending on the chosen request, there may be more than one correct answer.
IP Header: Version = 4, Header Length = 20 bytes, Total Length = 407 (or 381), Time To Live = 128, Protocol = TCP, Source IP = 192.168.56.1, Destination IP = 192.168.56.101
TCP Header: Source Port Number = 64122 (or 64126), Destination Port = 80, Window Size = 256

(2 points) ii. Can you extract any kind of data from the website? If yes, provide a small portion of that data.
One simple example would be: <title>test Page for the Apache HTTP Server on Fedora</title>

3 Insecure protocols

The client is using an insecure protocol to log in to the server (see Figure 1). He is not aware that his username and password are sent via an insecure communication channel. Your task as a security expert is to identify the problem and suggest a solution.

(7 points) i. Identify the (insecure) protocol that the client has used to log in to the server. Which protocol has been used? What are his credentials?
The client uses TELNET to connect to the remote server. His credentials are:
username: testuser
password: CSL2014@

(3 points) ii. What would you suggest as a secure protocol replacement? How does the replacement prevent the leakage? Explain your answer!
The secure replacement would be SSH.

4 Network Firewalls

In the lecture, we have seen stateless packet-filter firewalls, i.e. every packet is handled and checked against the list of configured access rules on an individual basis. In addition to stateless packet-filters, there are also stateful packet-filters (you can refer to https://en.wikipedia.org/wiki/stateful_firewall to get more information).

(1 point) i. Briefly describe the difference between stateless and stateful packet-filters.

Some (probably too long) sample answer:
A stateful firewall keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. It is capable of distinguishing legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
A stateless firewall treats each network frame (or packet) in isolation. Such packet filters might function more efficiently because they only look at the header part of a packet. This is at the same time a drawback, as they cannot check the context, which makes them vulnerable to spoofing attacks. Stateless firewalls have no way of knowing whether any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

(3 points) ii. Name and briefly explain two advantages and disadvantages of stateful packet-filters. Should stateful packet-filters always be preferred over stateless filters? Why?
Check the Wikipedia article, e.g.:
+ can use context (session/connection) for filtering
+ can defend against spoofing
+ necessary to allow some services (like FTP, see below)
- might be slower under heavy load
- more complex and harder to administer
- require memory to track connections

(2 points) iii. Name two concrete scenarios in which a stateless packet-filter cannot be used.
Usage of secure protocols such as IPsec for tunneling and encryption.
File Transfer Protocol (FTP).
By design, such protocols need to be able to open connections to arbitrary high/unprivileged ports to function properly. Since a stateless firewall has no way of knowing that the packet destined to the protected network (to some host's destination port 4970, for example) is part of a legitimate FTP session, it will drop the packet.

(4 points) iv. We would like to test whether a firewall performs stateless or stateful inspection of TCP traffic. We assume that:
• The firewall filters traffic exchanged between two hosts (Host #1 and Host #2), as shown in Figure 4.
• The firewall allows Host #1 to access any Web server running on Host #2.
• The default security policy is Deny all.
Moreover, we assume that five packets have been generated and exchanged (see Figure 4). By analyzing the accepted and denied packets, tell whether the firewall performs stateless or stateful packet inspection and briefly explain your answer.

[Figure 4: List of packets accepted and denied by the firewall]

To answer this question, students have to read how a TCP connection is established (1. SYN to destination host, 2. SYN-ACK to source host, 3. ACK to destination host).
The firewall performs stateful packet filtering. Host #1 initiates an FTP connection with source port 2000. Packets #1, #3, and #4 belong to the three-way TCP handshake. Packet #2 is dropped as it does not belong to a connection (there were no prior packets for SYN and SYN-ACK). Packet #5 is accepted as it initiates a new telnet connection. A stateless packet filter would drop packet #3, due to the deny-all rule (for unprivileged ports, here 2000). The FTP connection could not be established then.
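The difference tested in question iv can be reproduced with a small simulation. This is an added example, not part of the exercise sheet: the five packets are constructed (they are not the packets of Figure 4), and the host addresses, the `Packet` tuple and the function names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; flags: S = SYN, SA = SYN-ACK, A = ACK.
Packet = namedtuple("Packet", "src sport dst dport flags")
H1, H2 = "10.0.0.1", "10.0.0.2"      # assumed addresses of Host #1 and Host #2

TRACE = [
    Packet(H1, 2000, H2, 80, "S"),   # 1: Host #1 opens a web connection
    Packet(H2, 80, H1, 3000, "A"),   # 2: stray ACK, no connection uses port 3000
    Packet(H2, 80, H1, 2000, "SA"),  # 3: SYN-ACK answering packet 1
    Packet(H1, 2000, H2, 80, "A"),   # 4: ACK completing the handshake
    Packet(H2, 80, H1, 2000, "A"),   # 5: server reply on the established connection
]

def policy_allows(p):
    """Static rule: Host #1 may reach a web server on Host #2; default is deny all."""
    return p.src == H1 and p.dst == H2 and p.dport == 80

def stateless_filter(trace):
    # Every packet is judged in isolation against the rule list.
    return [policy_allows(p) for p in trace]

def stateful_filter(trace):
    conns = {}                       # (client, cport, server, sport) -> handshake state
    verdicts = []
    for p in trace:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        ok = True
        if p.flags == "S" and policy_allows(p):
            conns[fwd] = "SYN_SENT"          # only an allowed SYN creates state
        elif p.flags == "SA" and conns.get(rev) == "SYN_SENT":
            conns[rev] = "SYN_RCVD"          # reply to a SYN we let through
        elif p.flags == "A" and conns.get(fwd) == "SYN_RCVD":
            conns[fwd] = "ESTABLISHED"       # third step of the handshake
        elif "S" in p.flags or "ESTABLISHED" not in (conns.get(fwd), conns.get(rev)):
            ok = False                       # no matching connection: deny
        verdicts.append(ok)
    return verdicts
```

With only the single allow rule, the stateless filter denies the SYN-ACK (packet 3), so the handshake never completes; the stateful filter accepts it because it matches the SYN it tracked, and still denies the stray ACK.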
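For the header fields filled in under section 2 (Packet Structure), the following added example (not part of the exercise sheet) decodes the fixed IP and TCP headers from raw bytes, which is what Wireshark's details view does for the selected packet. The byte string is constructed from the values in the answer; the identification, sequence numbers, flags and zero checksums are made up, and the function names are assumptions.

```python
import socket
import struct

def build_sample_packet():
    """Constructed IPv4 + TCP headers carrying the values from the answer (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | 5,        # version 4, header length 5 words = 20 bytes
                     0, 407,              # type of service, total length
                     0x1234, 0x4000,      # identification (made up), DF flag, offset 0
                     128, 6, 0,           # TTL, protocol 6 = TCP, checksum
                     socket.inet_aton("192.168.56.1"),
                     socket.inet_aton("192.168.56.101"))
    tcp = struct.pack("!HHIIHHHH",
                      64122, 80,          # source port, destination port
                      1, 1,               # sequence / acknowledgement numbers (made up)
                      (5 << 12) | 0x018,  # data offset 5 words, control bits PSH+ACK
                      256, 0, 0)          # window size, checksum, urgent pointer
    return ip + tcp

def parse_headers(raw):
    """Decode the fixed part of the IP header (Figure 2) and TCP header (Figure 3)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, frag, ttl, proto, csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(raw) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet with complete headers")
    sport, dport, seq, ack, off_flags, window, tcsum, urg = \
        struct.unpack("!HHIIHHHH", raw[ihl:ihl + 20])   # TCP starts after IP options
    return {
        "version": ver_ihl >> 4, "ip_header_len": ihl, "total_length": total_len,
        "ttl": ttl, "protocol": proto,
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
        "src_port": sport, "dst_port": dport,
        "tcp_header_len": (off_flags >> 12) * 4,
        "control_bits": off_flags & 0x1FF,   # the 9 control bits of Figure 3
        "window": window,
    }
```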