Introduction. -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services



Similar documents
Chap. 1: Introduction

COSC 472 Network Security

IY2760/CS3760: Part 6. IY2760: Part 6

Notes on Network Security - Introduction

Internet Technology 2/13/2013

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Chapter 2 Application Layer. Lecture 5 FTP, Mail. Computer Networking: A Top Down Approach

Potential Targets - Field Devices

Internet Security [1] VU Engin Kirda

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Own your LAN with Arp Poison Routing

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

CS5008: Internet Computing

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

CS43: Computer Networks . Kevin Webb Swarthmore College September 24, 2015

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Content Teaching Academy at James Madison University

My FreeScan Vulnerabilities Report

Network Security. Network Security Hierarchy. CISCO Security Curriculum

ΕΠΛ 674: Εργαστήριο 5 Firewalls

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Basics of Internet Security

Thick Client Application Security

FTP and . Computer Networks. FTP: the file transfer protocol

Remote Logging. Tanveer Brohi(14cs28)

Cryptography and Network Security

Network Security Fundamentals

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

. Daniel Zappala. CS 460 Computer Networking Brigham Young University

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Network Security Policy

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers

CSCI-1680 SMTP Chen Avin

Workflow Configuration on R12/R11. High Level Steps. SENDMAIL configuration mostly done by System Administrator Workflow configuration for R12

Project 25 Security Services Overview

Cisco Secure PIX Firewall with Two Routers Configuration Example

The Trivial Cisco IP Phones Compromise

Cannot send Autosupport , error message: Unknown User

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Proxies. Chapter 4. Network & Security Gildas Avoine

Introduction to Security

FTP: the file transfer protocol

Lab 7: Introduction to Pen Testing (NMAP)

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

CMPT 471 Networking II

Security Type of attacks Firewalls Protocols Packet filter

Information System Security

Topics in Network Security

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

XGENPLUS SECURITY FEATURES...

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Packet Sniffing with Wireshark and Tcpdump

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

CSI Lab 1 : Exercise Find the IP address of Or, another way:

File Transfer Protocol (FTP) & SSH

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

- Basic Router Security -

Firewalls, Tunnels, and Network Intrusion Detection

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

TCP/IP Security Problems. History that still teaches

Device Log Export ENGLISH

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Packet Sniffing on Layer 2 Switched Local Area Networks

How do I load balance FTP on NetScaler?

A S B

Wireless Security: Secure and Public Networks Kory Kirk

Overview. Packet filter

1 Introduction: Network Applications

12. Firewalls Content

Advanced Settings. Help Documentation

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Security Goals Services

Introduction to Computer Security Benoit Donnet Academic Year

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Secure Mail Registration and Viewing Procedures

Basic Exchange Setup Guide

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Taxonomic Modeling of Security Threats in Software Defined Networking

Protocolo FTP. FTP: Active Mode. FTP: Active Mode. FTP: Active Mode. FTP: the file transfer protocol. Separate control, data connections

Remote login (Telnet):

Overview of computer and communications security

SECURING INFORMATION SYSTEMS

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Articles Fighting SPAM in Lotus Domino

Chapter 7 Transport-Level Security

544 Computer and Network Security

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Wireless Network Security

Transcription:

Introduction -- some basic concepts and terminology -- examples for attacks on protocols -- main network security services (c) Levente Buttyán (buttyan@crysys.hu) Attack, threat, and vulnerability security is about how to prevent attacks, or -- if prevention is not possible -- how to detect attacks and recover from them attack a deliberate attempt to compromise a system exploits vulnerabilities vulnerability a flaw or weakness in a system s design, implementation, or operation and management most systems have vulnerabilities not every vulnerability is exploited whether a vulnerability is likely to be exploited depends on the difficulty of the attack the perceived benefit of the attacker threat a possible way to exploit vulnerabilities a potential attack Introduction (basic concepts, examples, and main security services) 2

Types of system compromises incorrect status of some system resources (static char.) examples: loss of confidentiality of sensitive data (e.g., passwords) inappropriately set file access rights incorrect configuration files incorrect behavior of some system components (dynamic char.) examples: malfunctioning devices, programs, services,... decreased overall system dependability the system works but the quality of service provided is not acceptable Introduction (basic concepts, examples, and main security services) 3 Passive vs. active attacks passive attacks attempts to learn or make use of information from the system but does not affect system resources examples: eavesdropping message contents traffic analysis gaining knowledge of data by observing the characteristics of communications that carry the data even if message contents is encrypted, an attacker can still» determine the identity and the location of the communicating parties» observe the frequency and length of the messages being exchanged» guess the nature of the communication difficult to detect, should be prevented Introduction (basic concepts, examples, and main security services) 4

Passive vs. active attacks active attacks attempts to alter system resources or affect their operation examples: masquerade (spoofing) an entity pretends to be a different entity replay capture and subsequent retransmission of data modification (substitution, insertion, destruction) (some parts of the) legitimate messages are altered or deleted, or fake messages are generated if done in real time, then it needs a man in the middle denial of service normal use or management of the system is prevented or inhibited e.g., a server is flooded by fake requests so that it cannot reply normal requests difficult to prevent, should be detected Introduction (basic concepts, examples, and main security services) 5 Examples password sniffing in FTP password sniffing in TELNET mail forging with SMTP ARP spoofing Introduction (basic concepts, examples, and main security services) 6

FTP File Transfer Protocol typical FTP commands: client interface interface RETR filename retrieve (get) a file from the server STOR filename store (put) a file on the server TYPE type specify file type (e.g., A for ASCII) USER name name on server PASS password password on server server protocol protocol interpreter interpreter control connection (FTP commands and replies) protocol protocol interpreter interpreter data data transfer transfer function function data connection data data transfer transfer function function file system file system Introduction (basic concepts, examples, and main security services) 7 FTP security problems neither the control nor the data connection is protected passwords can be eavesdropped FTP is a text(ascii) based protocol, which makes password sniffing even easier files transmitted over the data connection can be intercepted and modified % ftp ftp.epfl.ch client server <TCP connection setup to port 21 of ftp.epfl.ch> 220 ftp.epfl.ch FTP server (version 5.60) ready. Connected to ftp.epfl.ch. Name: buttyan Password: kiskacsa USER buttyan 331 Password required for buttyan. PASS kiskacsa 230 User buttyan logged in. Introduction (basic concepts, examples, and main security services) 8

Telnet provides remote login service to s text (ASCII) based protocol Telnet Telnet client client Telnet Telnet server server login login shell shell kernel kernel terminal terminal driver driver TCP/IP TCP/IP TCP/IP TCP/IP pseudoterminaterminal pseudo- driver driver TCP connection Introduction (basic concepts, examples, and main security services) 9 Telnet security problems passwords are sent in clear client server % telnet ahost.epfl.ch <TCP connection setup to port 23 of ahost.epfl.ch> Connected to ahost.epfl.ch. Escape character is ^]. Login: b Login: bu Login: buttyan <Telnet option negotiation> UNIX(r) System V Release 4.0 Login: b u n Password: Password: k Password: kiskacsa k a <OS greetings and shell prompt, e.g., % > Introduction (basic concepts, examples, and main security services) 10

SMTP Simple Mail Transfer Protocol sending host agent agent mails to be sent local local SMTP TCP connection SMTP TCP port 25 receiving host local local SMTP SMTP agent agent mailbox Introduction (basic concepts, examples, and main security services) 11 SMTP cont d SMTP is used by s to talk to each other SMTP is a text (ASCII) based protocol sending (rivest.hit.bme.hu) receiving (shamir.hit.bme.hu) <TCP connection establishment to port 25> HELO rivest.hit.bme.hu. 250 shamir.hit.bme.hu Hello rivest.hit.bme.hu., pleased to meet you MAIL from: buttyan@rivest.hit.bme.hu 250 buttyan@rivest.hit.bme.hu... Sender ok RCPT to: hubaux@lca.epfl.ch 250 hubaux@lca.epfl.ch Recipient ok DATA 354 Enter mail, end with a. on a line by itself <message to be sent>. 250 Mail accepted QUIT 221 shamir.hit.bme.hu delivering mail Introduction (basic concepts, examples, and main security services) 12

SMTP security problems SMTP does not provide any protection of e-mail messages messages can be read and modified by any of the s involved fake messages can easily be generated (e-mail forgery) Example: % telnet frogstar.hit.bme.hu 25 Trying... Connected to frogstar.hit.bme.hu. Escape character is ^[. 220 frogstar.hit.bme.hu ESMTP Sendmail 8.11.6/8.11.6; Mon, 10 Feb 2003 14:23:21 +0100 helo abcd.bme.hu 250 frogstar.hit.bme.hu Hello [152.66.249.32], pleased to meet you mail from: bill.gates@microsoft.com 250 2.1.0 bill.gates@microsoft.com... Sender ok rcpt to: buttyan@ebizlab.hit.bme.hu 250 2.1.5 buttyan@ebizlab.hit.bme.hu... Recipient ok data 354 Enter mail, end with "." on a line by itself Your fake message goes here.. 250 2.0.0 h1ado5e21330 Message accepted for delivery quit 221 frogstar.hit.bme.hu closing connection Connection closed by foreign host. % Introduction (basic concepts, examples, and main security services) 13 Be careful, though! Return-Path: <bill.gates@microsoft.com> Received: from frogstar.hit.bme.hu (root@frogstar.hit.bme.hu [152.66.248.44]) by shamir.ebizlab.hit.bme.hu (8.12.7/8.12.7/Debian-2) with ESMTP id h1adssxg022719 for <buttyan@ebizlab.hit.bme.hu>; Mon, 10 Feb 2003 14:28:54 +0100 Received: from abcd.bme.hu ([152.66.249.32]) by frogstar.hit.bme.hu (8.11.6/8.11.6) with SMTP id h1ado5e21330 for buttyan@ebizlab.hit.bme.hu; Mon, 10 Feb 2003 14:25:41 +0100 Date: Mon, 10 Feb 2003 14:25:41 +0100 From: bill.gates@microsoft.com Message-Id: <200302101325.h1ADO5e21330@frogstar.hit.bme.hu> To: undisclosed-recipients:; X-Virus-Scanned: by amavis-dc Status: Your fake message goes here. Introduction (basic concepts, examples, and main security services) 14

ARP Address Resolution Protocol mapping from IP addresses to MAC addresses Request 08:00:20:03:F6:42 00:00:C0:C2:9B:26.1.2.3.4.5 140.252.13 arp req target IP: 140.252.13.5 target eth:? Reply 08:00:20:03:F6:42 00:00:C0:C2:9B:26.1.2.3.4.5 140.252.13 arp rep sender IP: 140.252.13.5 sender eth: 00:00:C0:C2:9B:26 Introduction (basic concepts, examples, and main security services) 15 ARP spoofing an ARP request can be responded by another host Request 08:00:20:03:F6:42 00:00:C0:C2:9B:26.1.2.3.4.5 arp req target IP: 140.252.13.5 target eth:? 140.252.13 Reply 08:00:20:03:F6:42 00:34:CD:C2:9F:A0 00:00:C0:C2:9B:26.1.2.3.4.5 arp rep sender IP: 140.252.13.5 sender eth: 00:34:CD:C2:9F:A0 140.252.13 Introduction (basic concepts, examples, and main security services) 16

Security services services that are provided by a system to give a specific kind of protection to system resources implement security policies, implemented by security mechanisms main security services: access control authentication confidentiality integrity non-repudiation + availability (not really a service, rather a property) Introduction (basic concepts, examples, and main security services) 17 Communication security services authentication aims to detect masquerade (spoofing) provides assurance that a communicating entity is the one that it claims to be peer entity authentication data origin authentication confidentiality protection of information from unauthorized disclosure information can be content of communications (content) confidentiality meta-information (derived from observation of traffic flows) traffic flow confidentiality Introduction (basic concepts, examples, and main security services) 18

Communication security services integrity protection aims to detect modification and replay provides assurance that data received are exactly as sent by the sender in case of a stream of messages (connection oriented model), integrity means that messages are received as sent, with no duplication, modification, insertion, deletion, reordering, or replays non-repudiation provides protection against denial by one entity involved in a communication of having participated in all or part of the communication non-repudiation of origin non-repudiation of delivery Introduction (basic concepts, examples, and main security services) 19 Placement of security services some services can more naturally be implemented at the application layer (e.g., non-repudiation, access control) some services better fit in the link layer (e.g., traffic flow confidentiality) but many services can be provided at any layer (e.g., authentication, confidentiality, integrity) lower layer (e.g., link-by-link encryption): services are generic, can be used by many applications protection mechanisms are transparent to the higher layer (e.g., end-to-end authentication): services are more application specific more awareness Introduction (basic concepts, examples, and main security services) 20

Summary basic concepts vulnerability, threat, attack, security service, security mechanism passive vs. active attacks eavesdropping, traffic analysis, masquerade (spoofing), modification, replay, denial of service authentication, access control, confidentiality, integrity, nonrepudiation, availability some real world examples ARP spoofing, e-mail forgery, eavesdropping Telnet and FTP passwords Introduction (basic concepts, examples, and main security services) 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information