Network Fundamentals. 2010 Carnegie Mellon University

Similar documents
Protocol Rollback and Network Security

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

The Application Layer: DNS

Web Security Considerations

How do I get to

Overview. SSL Cryptography Overview CHAPTER 1

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Communication Security for Applications

DATA COMMUNICATOIN NETWORKING

, SNMP, Securing the Web: SSL

CSE 127: Computer Security. Network Security. Kirill Levchenko

EE 7376: Introduction to Computer Networks. Homework #3: Network Security, , Web, DNS, and Network Management. Maximum Points: 60

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

CipherMail Gateway Quick Setup Guide

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

Chapter 32 Internet Security

Communication Systems SSL

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Ethernet. Ethernet. Network Devices

Software Engineering 4C03 Research Project. An Overview of Secure Transmission on the World Wide Web. Sean MacDonald

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

IP address format: Dotted decimal notation:

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

FTP: the file transfer protocol

Networking Test 4 Study Guide

CSC Network Security

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Network Security TCP/IP Refresher

CSC 474 Information Systems Security

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Lab 7: Introduction to Pen Testing (NMAP)

Encryption. Administrator Guide

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Introduction to Computer Networks

Final for ECE374 05/06/13 Solution!!

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Chapter 8 Security Pt 2

1 Introduction: Network Applications

Authenticity of Public Keys

ETSF10 Part 3 Lect 2

Computer Networks - CS132/EECS148 - Spring

Chapter 9. IP Secure

Domain Name System (DNS)

SSL: Secure Socket Layer

Application. Transport. Network. Data Link. Physical. Network Layers. Goal

Wireshark DNS. Introduction. nslookup

The Domain Name System

What communication protocols are used to discover Tesira servers on a network?


Introduction to Network Operating Systems

Configuring SSL Termination

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

SSL Secure Socket Layer

VPN Lesson 2: VPN Implementation. Summary

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Computer Networks: Domain Name System

Chapter 17. Transport-Level Security

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Internet Security [1] VU Engin Kirda

Exam Questions SY0-401

CS101 Lecture 19: Internetworking. What You ll Learn Today

CS5008: Internet Computing

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Understanding Slow Start

Network Security Intro: A Historical Perspec8ve. CS 591 Guest Lecture Charles V. Wright cvwright@cs.pdx.edu

Application layer Protocols application transport

TLS and SRTP for Skype Connect. Technical Datasheet

Network Security Part II: Standards

Security vulnerabilities in the Internet and possible solutions

Configuring SSL Termination

Secure Sockets Layer

Computer security Lecture 9

Networks: IP and TCP. Internet Protocol

Network Layers. CSC358 - Introduction to Computer Networks

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Networking Overview. (as usual, thanks to Dave Wagner and Vern Paxson)

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

NET0183 Networks and Communications

CS3250 Distributed Systems

Computer and Network Security

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

1. LAB SNIFFING LAB ID: 10

Application Layer -1- Network Tools

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

BorderWare Firewall Server 7.1. Release Notes

Networking Domain Name System

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

Solution of Exercise Sheet 5

Guideline for setting up a functional VPN

Firewalls. Chapter 3

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Use Domain Name System and IP Version 6

Web Application Entity Session Management using the eid Card Frank Cornelis 03/03/2010. Fedict All rights reserved

internet technologies and standards

Transcription:

Network Fundamentals

What We Will Cover Introduction Your Network Fundamentals of networks, flow, and protocols Malicious traffic External Events & Trends Malware Networks in the Broad Working Together Network dependencies Analysis Summary 2

The Internet Internet: Network of Networks Connected by routers, no central control Using common set of protocols Internet Protocol (IP) Application Transport Internet Physical flexible routing of information from source to destination Transmission Control Protocol (TCP) Sequencing of series of packets to transmit data reliably over Internet Other protocols running on top of IP: UDP one-directional burst of packets ICMP network management protocol BGP Router protocol IPSEC VPN traffic 3

How IP Works Packet switched: Flow of information broken into chunks Each routed independently by best route to destination Destination must reassemble into correct order (offset) Internet Address: Logical network (location) & Logical host (identity) Subnet masking & CIDR blocks V4 (1982) -- current version (32 bit addresses) V6 (1999) -- forthcoming version (128 bit addresses) 4

How TCP Works Header added to packets Connection: IPs and ports Service port Dynamic port Initial handshake SYNch sequence numbers (assembly/retransmit) nowledge SYNch (with data) Termination FINalize/ FIN ReSeT/ no ack SYN SYN- Data FIN FIN 5

Application Protocols On top of TCP and UDP (mostly) Sequences of packets to support common applications osmtp ohttp ohttps / TLS odns oothers? 6

Simple Mail Transfer Protocol TCP/25 by default Transfer-agent based Text Protocol Single connection, multiple messages (maybe) Easily forged Example from wikipaedia.org S: 220 smtp.example.com ESMTP Postfix C: HELO relay.example.org S: 250 Hello relay.example.org, I am glad to meet you C: MAIL FROM:<bob@example.org> S: 250 Ok C: RCPT TO:<alice@example.com> S: 250 Ok C: RCPT TO:<theboss@example.com> S: 250 Ok C: DATA S: 354 End data with <CR><LF>.<CR><LF> C: From: "Bob Example" <bob@example.org> C: To: Alice Example <alice@example.com> C: Date: Tue, 15 Jan 2008 16:02:43-0500 C: Subject: Test message C: Hello Alice. C: Your friend, Bob C:. S: 250 Ok: queued as 12345 C: QUIT S: 221 Bye {The server closes the connection} 7

HyberText Transfer Protocol TCP/80 or TCP/8080 Vast bulk of traffic Request/Response Stateless (almost) Requests: request-line headers (host) empty line optional message Request-line: GET url TRACE url PUT url OPTIONS HEAD url POST url DELETE url CONNECT Response: Status line (404, 200) Message (data) 8

SSL Record Format There are four content types: Handshake, 0x16 Negotiate encryption capabilities ChangeCipherSpec, 0x14 Flag the recipient that the encryption scheme has changed Prereq is a successful handshake Application, 0x17 The bulk of the data transfer Alert, 0x15 Errors and warnings Regardless of content type, the message is always encrypted with the current session state Content Type Version Length Authenticator 9

SSL Client Hello What happens when a client connects to an SSL server? 3-way handshake Client sends hello These are the encryption ciphers I can handle Here s a random seed number Here s the name of the server I m trying to connect to The client hello all fits in one packet SYN SYN- ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Encrypted Session Data EncryptedAlert FIN FIN 10

SSL Server Response Server replies to the client Server sends Hello Encryption and seed Server sends its certificate public key and usually cert chain Server sends Done Response usually takes more than one packet SYN SYN- ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Encrypted Session Data EncryptedAlert FIN FIN 11

SSL Client Response After the server is done: Behind-the-scenes, the client validates the certificate This only generates traffic if the client needs an updated CRL The client exchanges a session key The key is encrypted with the cert ChangeCipherSpec From now on, all traffic is encrypted SYN SYN- ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Encrypted Session Data EncryptedAlert FIN FIN 12

SSL Session Teardown When they re done Someone issues an alert It s encrypted, so we can t tell anything about it The TCP connection is torn down SYN SYN- ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Encrypted Session Data EncryptedAlert FIN FIN 13

Domain Name System More than just hostname IP Query hierarchy of nameservers Local nameserver (resolver): answer from cache or preloaded resolutions, may do recursive queries Authoritative nameserver: answer based on domains it covers, or recurse Root nameserver: answer top-level, delegate, or generate errors 14

DNS protocol UDP/53 or TCP/53 Client queries local (address, ptr, mx, ns, hinfo, any) Local responds from cache or queries to root Root responds with referral to TLD or error Local queries TLD TLD responds with referral to authority or error Local queries authority Authority sends answer Local sends answer 15

Other Protocols Wikipaedia is your friend! Want to know: Sequence of messages Packets/message Size range of packets Service ports/protocols Other application protocol characteristics 16

Peer to Peer Cloud discovery Fumble (past sites) Service ports Registered sites Join Export data (often stream) Import data (often slow) 17

Why do We Care? Know your network Services, servers Dependencies Know your threats Open vectors Non-protocol on service ports Signalling/Beaconing 18

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information