Dr. Bhavani Thuraisingham, The University of Texas at Dallas (UTD), July 2013

Post on 04-Jan-2016



Telecommunications and Network Security

Domain Agenda
• Networks
• Network Security
• Physical
• Data Link
• Network
• Transport
• Session
• Presentation
• Application
• Telephony
• Services

OSI Model

• The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.

• It is a way of sub-dividing a communications system into smaller parts called layers. A layer is a collection of conceptually similar functions that provides services to the layer above it and receives services from the layer below it.

• On each layer an instance provides services to the instances at the layer above and requests service from the layer below.

OSI Reference Model
• Layer 7: Application
• Layer 6: Presentation
• Layer 5: Session
• Layer 4: Transport
• Layer 3: Network
• Layer 2: Data Link
• Layer 1: Physical

TCP/IP

• In the TCP/IP model of the Internet, protocols are not as rigidly designed into strict layers as the OSI model.

• TCP/IP does recognize four broad layers of functionality which are derived from the operating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network.

• The Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer is a subset of the OSI Network Layer (see above), while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer.

Network Security
• Issues and Concerns
  – Non-repudiation
  – Redundancy
• Risks
  – Network is the key asset in many organizations
  – Network Attacks
• Attacks
  – Network as a channel for attacks
  – Network as the target of attack

Network Security
• Defense in Depth
  – Series of hurdles
  – Collection of controls
• Security controls:
  – Are built around social, organizational, procedural and technical activities
  – Will be based on the organization’s security policy
• Security Objectives and Attacks
  – Business risk vs. Security solutions
  – Attack scenarios
  – Network entry point
    • Inbound vs. Outbound attacks
• Methodology of Attack
  – Attack trees
  – Path of least resistance

Target Related Issues
• Acquisition
  – Attacks start by gathering intelligence
  – Controls
    • Limit information on a network; Distract an attacker
• Analysis
  – Analyze target for security weaknesses
• Access
  – Obtain access to the system
  – Manage user privileges
  – Monitor access
• Target Appropriation
  – Escalation of privileges
  – Attacker may seek sustained control of the system
  – Controls against privilege escalation

Network Security Tools
• Tools automate the attack processes
• Network security is more than just technical implementations
• Scanners
  – Discovery scanning
  – Compliance scanning
  – Vulnerability scanning

Layer 1: Physical Layer
• Bits are converted into signals
• All signal processing is handled here
• Physical topologies

Communication Technology
• Analog Communication
  – Analog signals use frequency and amplitude
  – Transmitted on wires or with wireless devices
• Digital communications
  – Uses different electronic states
  – Can be transmitted over most media
  – Integrity of digital communication is easier
  – Digital communication brings quantitative and qualitative enhancements

Network Topology
• Even small networks are complex
• Network topology and layout affect scalability and security
• Wireless networks also have a topology
• Ring Topology
  – Closed-loop topology
  – Advantages
    • Deterministic
  – Disadvantages
    • Single point of failure

Network Topology
• Bus Topology
  – LAN with a central cable to which all nodes connect
  – Advantages
    • Scalable; Permits node failure
  – Disadvantages
    • Bus failure
• Tree Topology
  – Devices connect to a branch on the network
  – Advantages
    • Scalable; Permits node failure
  – Disadvantages
    • Failures split the network

Network Topology
• Mesh Topology
  – Every node is connected to every other node in the network
  – Advantages
    • Redundancy
  – Disadvantages
    • Expensive; Complex; Scalability
• Star Topology
  – All of the nodes connect to a central device
  – Advantages
    • Permits node/cable failure; Scalable
  – Disadvantages
    • Single point of failure

Cable Selection Considerations
• Throughput
• Distance between devices
• Data sensitivity
• Environment
• Twisted Pair
  – One of the simplest and cheapest cabling technologies
  – Unshielded (UTP) or shielded (STP)

Unshielded Twisted Pair (UTP)

| Category | Transmission Rate | Use |
|---|---|---|
| Category 1 | < 1 Mbps | Analog voice and basic rate interface (BRI) in Integrated Services Digital Network (ISDN) |
| Category 2 | < 4 Mbps | 4 Mbps IBM Token Ring LAN |
| Category 3 | 16 Mbps | 10 Base-T Ethernet |
| Category 4 | 20 Mbps | 16 Mbps Token Ring |
| Category 5 | 100 Mbps | 100 Base-TX and Asynchronous Transfer Mode (ATM) |
| Category 5e | 1000 Mbps | 1000 Base-T Ethernet |
| Category 6 | 1000 Mbps | 1000 Base-T Ethernet |

Coaxial Cable (Coax)
• Conducting wire is thicker than twisted pair
  – Bandwidth
  – Length
• Expensive and physically stiff

Fiber Optics
• Three components
  – Light source
  – Optical fiber cable
    • Two types
  – Light detector
• Advantages
• Disadvantages

Wireless Transmission Technologies
• 802.11 – WLAN
• 802.16 – WMAN, WiMAX
• Satellite
• Bluetooth
• IrDA
• Microwave
• Optical

Wireless Multiplexing Technologies

| Technology | Principle | Objective |
|---|---|---|
| Direct Sequence Spread Spectrum (DSSS) | Spread transmission over a wider-frequency band | Signal less susceptible to noise |
| Frequency-Hopping Spread Spectrum (FHSS) | Spread signal over rapidly changing frequencies | Interference |
| Orthogonal-Frequency Division Multiplexing (OFDM) | Signal is subdivided into sub-frequency bands | |

Physical Layer: Equipment Agenda
• Patch panel
• Modem
• Cable modem
• Digital subscriber line
• Hub and repeater
• Wireless access points

• Patch Panels
  – Provide a physical cross-connect point for devices
  – Alternative to directly connecting devices
  – Centralized management
• Modem
  – Convert a digital signal to analog
  – Provide little security
    • War dialing
  – Unauthorized modems

Physical Layer: Equipment Agenda

• Cable Modem
  – PCF Ethernet NIC connects to a cable modem
  – Modem and head-end exchange cryptographic keys
  – Cable modems increase the need to observe good security practices
• Digital Subscriber Line
  – Use CAT-3 cables and the local loop
    • Asymmetric Digital Subscriber Line (ADSL)
    • Rate-Adaptive DSL (RADSL)
    • Symmetric Digital Subscriber Line (SDSL)
    • Very high bit rate DSL (VDSL)

Physical Layer: Equipment Agenda

• Hubs
  – Used to implement a physical star/logical bus topology
  – All devices can read and potentially modify the traffic of other devices
• Repeaters
  – Allow greater distances between devices
• Wireless Access Points (WAPs)
  – Access Point (AP)
  – Multiple Input Multiple Output (MIMO)

Physical Layer: Equipment Agenda

Standard Connections
• Types of connectors
  – RJ-11
  – RJ-45
  – BNC
  – RS-232
• Cabling standards
  – TIA/EIA-568

Physical Layer Threats and Controls
• Attacking
  – Wire
  – Wireless
  – Equipment: Modems
• Controls
  – Wire
    • Shielding
    • Conduit
    • Faraday cage
  – Wireless
    • Encryption
    • Authentication
  – Equipment
    • Locked doors and cabinets

Layer 2: Data Link Layer
• Connects layer 1 and 3
• Converts data from a signal into a frame
• Transmits frames to devices
• Link-layer encryption
• Determines network transmission format

Synchronous/Asynchronous Communications

• Synchronous
  – Timing mechanism synchronizes data transmission
  – Robust error checking
  – Practical for high-speed, high-volume data
• Asynchronous
  – Clocking mechanism is not used
  – Surrounds each byte with bits that mark the beginning and end of transmission

Unicast, Multicast and Broadcast Transmissions

• Multicasts
• Broadcasts
  – Do not use reliable sessions
• Unicast

Unicast – Point-to-Point
• ISDN (Integrated Services Digital Network)
• T’s (T Carriers)
• E’s (E Carriers)
• OC’s (Optical Carriers)

Integrated Service Digital Network (ISDN)

| Channel / Interface | Rate |
|---|---|
| B (Bearer) Channel | 64kBit/s |
| D (Delta) Channel | 16KBit/s |
| BRI (Basic Rate Interface) | 2*B+1*D = 144kBit/s |
| PRI (Primary Rate Interface) North America | 23*B+1*D = 1.55MBit/s (T1) |
| PRI Europe and Australia | 30*B+1*D = 2MBit/s (E1) |

“T” Carrier

| Channel | Multiplex Ratio | Bandwidth |
|---|---|---|
| T1 | 1xT1 | 1.544 Mbps |
| T2 | 4xT1 | 6.312 Mbps |
| T3 | 7xT2 = 28xT1 | 44.736 Mbps |
| T4 | 6xT3 = 168xT2 | 274.176 Mbps |

“E” Carrier

| Channel | Multiplex Ratio | Bandwidth |
|---|---|---|
| E1 | 1xE1 | 2.058 Mbps |
| E2 | 4xE1 | 8.848 Mbps |
| E3 | 4xE2 = 16xE1 | 34.304 Mbps |
| E4 | 4xE3 = 64xE2 | 139.264 Mbps |

“OC” Optical Carrier STS

| Optical Level | Bandwidth |
|---|---|
| OC1 | 51.84 Mbps |
| OC3 | 155.52 Mbps |
| OC12 | 622.08 Mbps |
| OC48 | 2488.32 Mbps |
| OC192 | 9953.28 Mbps |

Circuit-switched vs. Packet-switched Networks
• Circuit-switched
  – Dedicated circuit between endpoints
  – Endpoints have exclusive use of the circuit and its bandwidth
• Packet-switched
  – Data is divided into packets and transmitted on a shared network
  – Each packet can be independently routed on the network
• Switched vs. Permanent Virtual Circuits
  – Permanent Virtual Circuits (PVC)
  – Switched Virtual Circuits (SVC)

Carrier Sense Multiple Access
• Only one device may transmit at a time
• There are two variations
  – Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
  – Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

Polling to Avoid Contention
• Slave device needs permission from a master device
• Used mostly in mainframe protocols
• Optional function of the IEEE 802.11 standard

Token Passing
• A token is a special frame that circulates through the ring
• Device must possess the token to transmit
• Token passing is used in Token Ring (IEEE 802.5) and FDDI

Bridges and Switches
• Bridges
  – Layer 2 devices that filter traffic between segments based on MAC addresses
  – Can connect LANs with unlike media types
  – Simple bridges do not reformat frames
• Switches
  – Multi-port devices to connect LAN hosts
  – Forward frames only to the specified MAC address
  – Increasingly sophisticated
  – Also forward broadcasts

Multiplexer/Demultiplexer
• Combining or splitting signals
• Technologies
  – TDM – Time
  – FDM – Frequency
  – WDM – Wave

Wireless Local Area Networks
• Allow mobile users to remain connected
• Extend LANs beyond physical boundaries

Wireless Standards: IEEE 802
• 802.11b
• 802.11a
• 802.11g
• 802.11n / Multiple Input Multiple Output
• 802.11i / Security
• 802.16 / WiMAX
• 802.15 / Bluetooth
• 802.1x / Port security

Ethernet (IEEE 802.3)
• Most popular LAN architecture
• Supports bus, star, and point-to-point topologies
• Currently supports speeds up to 10000 Mbps

Protocols
• Address Resolution Protocols (ARP)
  – ARP (RFC 826)
  – RARP (RFC 903)
  – ARP Cache Poisoning
• Point-to-Point Protocol (PPP)
  – RFC 1331
    • Encapsulation
    • Link Control Protocol (LCP)
    • Network Control Protocols
• Password Authentication Protocol (PAP)
  – Identification and authentication of remote entity
  – Uses a clear text, reusable (static) password
  – Supported by most network devices

Challenge Handshake Authentication Protocol

• CHAP
  – Periodically re-validates users
  – Standard password database is unencrypted
  – Password is sent as a one-way hash
  – CHAP Process
• MSCHAP
• The Nonce
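
The CHAP points above (one-way hash, nonce, periodic re-validation, cleartext secret on the server), as an added example that is not part of the original slides. It uses the RFC 1994 response formula MD5(identifier || secret || challenge); the class, function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data. The authenticator must hold the secret in cleartext
# to recompute the hash, which is the "unencrypted password database" point.
SECRET_DB = {"alice": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues nonces and checks responses against the database."""

    def __init__(self, db):
        self.db = db
        self.next_id = 0
        self.pending = {}  # identifier -> outstanding challenge (single use)

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        nonce = os.urandom(16)  # fresh, unpredictable value per challenge
        self.pending[identifier] = nonce
        return identifier, nonce

    def verify(self, name, identifier, response):
        nonce = self.pending.pop(identifier, None)  # consumed on first use
        secret = self.db.get(name)
        if nonce is None or secret is None:
            return False
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    auth = Authenticator(SECRET_DB)
    secret = SECRET_DB["alice"]

    # Initial authentication: only the 16-byte hash crosses the link.
    ident1, nonce1 = auth.challenge()
    resp1 = chap_response(ident1, secret, nonce1)
    first_ok = auth.verify("alice", ident1, resp1)

    # Periodic re-validation issues a new nonce, so a response recorded
    # during the first round no longer verifies.
    ident2, _nonce2 = auth.challenge()
    replay_ok = auth.verify("alice", ident2, resp1)

    # The legitimate peer answers the next challenge with a fresh hash.
    ident3, nonce3 = auth.challenge()
    revalidate_ok = auth.verify(
        "alice", ident3, chap_response(ident3, secret, nonce3))

    secret_on_wire = secret in resp1
    return first_ok, replay_ok, revalidate_ok, secret_on_wire


if __name__ == "__main__":
    print(demo())
```

Contrast with PAP on the previous slide, where the reusable password itself is what crosses the link on every authentication.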

Extensible Authentication Protocol (EAP)

• Provides a pointer to authentication
• EAP – Transport level security
• Wireless needs EAP
• PEAP - (Protected EAP)

Link Layer Threats
• Confidentiality
  – Sniffing for reconnaissance
  – Offline brute force
  – Unapproved wireless
• Integrity
  – Modify packets
  – Man-in-the-middle
  – Force weaker authentication
• Availability
  – Denial of service
  – War driving
• Transition from wireless to wired

Wired and Wireless Link-Layer Controls

• Encryption
  – PPP Encryption Control Protocol (ECP)
• Authentication
  – PAP
  – CHAP
  – EAP
• Tunneling
  – EAP-TTLS
• Radio frequency management

Wireless Encryption Summary

| | 802.1x Dynamic WEP | Wi-Fi Protected Access | Wi-Fi Protected Access 2 |
|---|---|---|---|
| Access Control | 802.1X | 802.1X or pre-shared key | 802.1X or pre-shared key |
| Authentication | EAP methods | EAP methods or pre-shared key | EAP methods or pre-shared key |
| Encryption | WEP | TKIP (RC4) | CCMP (AES Counter Mode) |
| Integrity | None | Michael MIC | CCMP (AES CBC-MAC) |

Metropolitan Area Network (MAN)
• Optimization for city
• Use wireless infrastructure, fiber optics or ethernet to connect sites together
• Still needs security
• Switched Multi-megabit Data Service (SMDS)
• SONET/SDH

Layer 3: Network Layer
• Moves information between two hosts that are not physically connected
• Uses logical addressing

LAN/WAN
• Local Area Network (LAN)
  – LANs service a relatively small area
  – Most LANs have connectivity to other networks
  – VLANs are software-based LAN segments implemented by switching technology
• Wide Area Network (WAN)
  – A WAN is a network connecting local networks or access points
  – Connections are often shared and tunneled through other connections

Storage Area Network (SAN)
• Hard drive space problem
• Server of servers
• Fiber backbone
• Switched

Public Switched Telephone Networks (PSTNs)

• PSTNs are circuit-switched networks
• PSTNs are subject to attacks

X.25
• Suite of protocols for unreliable networks
• Has a strong focus on error correction
• Users and hosts connect through a packet-switched network
• Most organizations now opt for frame relay and ATM instead of X.25 for packet switching

Frame Relay
• Network cloud of switches
• Customers share resources in the cloud
• The cloud is assumed to be reliable
• Customers are charged only for bandwidth used

Asynchronous Transfer Mode (ATM)
• ATM is connection-oriented
  – Uses virtual circuits
  – Guarantees QoS but not the delivery of cells
  – Types of virtual circuits

Multi-Protocol Label Switching (MPLS)
• Bandwidth management and scalability
• Permits traffic-engineering
• Provides QoS and defense against network attacks
• Operates at Layer 2 and 3
• Operates over most other packet switching technologies such as Frame Relay and ATM

Comparing Broadband Wireless

| | 802.11 WiFi | 802.16 WiMAX | 802.20 Mobile-Fi | UMTS 3G |
|---|---|---|---|---|
| Bandwidth | 11-54 Mbps shared | Share up to 70 Mbps | Up to 1.5 Mbps each | 384 Kbps – 2 Mbps |
| Range (LOS) / Range (NLOS) | 100 meters / 30 meters | 30 – 50 km / 2 – 5 km (‘07) | 3 – 8 km | Coverage is overlaid on wireless infrastructure |
| Mobility | Portable | Fixed (Mobile – 16e) | Full mobility | Full mobility |
| Frequency/Spectrum | 2.4 GHz for 802.11b/g; 5.2 GHz for 802.11a | 2 - 11 GHz for 802.16a; 11-60 GHz for 802.16 | < 3.5 GHz | Existing wireless |
| Licensing | Unlicensed | Both | Licensed | Licensed |
| Standardization | 802.11a, b and g standardized | 802.16, 802.16a and 802.16 REVd standardized, other under development | 802.20 in development | Part of GSM standard |
| Availability | On the market today | Products available today | Standards coming | Currently being deployed |

Wireless Optics
• Two laser transceivers communicate at speeds comparable to SONET
• Wireless optics transmissions are hard to intercept
• Wireless optics can be unreliable during inclement weather
• Avoids the licensing requirements of Microwave in most regions

Network Usage: Definitions
• Intranet
• Extranet
  – Granting access to external organizations
• Internet

Other Aspects

• Virtual Private Network
  – Remote access through VPN
  – LAN to LAN configuration
• Secure Remote Access
  – Remote access through modems, ISPs, WAN connections
• Traffic Shaping
  – Quality of Service (QoS)
  – Depends on all carriers agreeing on priority handling rules
• Routers
  – Network routing

Firewalls
• Filtering
  – Filtering by address
  – Filtering by service
• Static Packet Filtering
• Stateful inspection or dynamic packet filtering
• Personal firewalls
• Enforce administrative security policies
• Separate trusted networks from untrusted networks
  – Firewalls should be placed between security domains
• Proxy Firewalls
  – Circuit-level policy
  – Application-level policy

Firewalls

| Firewall Type | OSI Model Layer | Characteristics |
|---|---|---|
| Packet filtering | Network layer | Routers using ACLs dictate acceptable access to a network. Looks at destination and source addresses, ports and services requested |
| Application-level proxy | Application layer | Deconstructs packets and makes granular access control decisions. Requires one proxy per service |

Firewalls (cont.)

| Firewall Type | OSI Model Layer | Characteristics |
|---|---|---|
| Circuit-level proxy | Session layer | Deconstructs packets. Protects a wider range of protocols and services than app-level proxies, but without as detailed a level of control |
| Stateful | Network layer | Keeps track of each conversation using a state table. Looks at state and context of packets |
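
The difference between the packet-filtering and stateful rows above, as an added example that is not part of the original slides. Both filters see the same constructed traffic; the rule set (outbound HTTPS only), the addresses and all names are assumptions made for illustration, and the TCP state handling is deliberately simplified.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")
INSIDE = "10.0.0."  # constructed internal address prefix


def static_filter(pkt):
    """Static packet filtering: judge each packet alone, by address and port."""
    if pkt.direction == "out":
        return pkt.src.startswith(INSIDE) and pkt.dport == 443
    # Replies have to get back in, so the ACL accepts anything from port 443.
    return pkt.dst.startswith(INSIDE) and pkt.sport == 443


class StatefulFilter:
    """Stateful inspection: inbound packets must match a state-table entry."""

    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> state

    def allow(self, pkt):
        if pkt.direction == "out":
            if not (pkt.src.startswith(INSIDE) and pkt.dport == 443):
                return False
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                self.table[key] = "SYN_SENT"  # new conversation is recorded
                return True
            if key not in self.table:
                return False
            if pkt.flags == "RST":
                del self.table[key]  # conversation is over
            return True
        # Inbound: look the packet up from the inside host's point of view.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state == "SYN_SENT" and pkt.flags == "SYN-ACK":
            self.table[key] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED" and pkt.flags in ("ACK", "FIN", "RST"):
            if pkt.flags == "RST":
                del self.table[key]
            return True
        return False


# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),
    # Inbound packet that belongs to no conversation any inside host opened.
    Packet("in", "198.51.100.7", 443, "10.0.0.8", 40000, "ACK"),
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443, "RST"),
    # Same 4-tuple as before, but the conversation has already been reset.
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),
]


def compare(traffic=TRAFFIC):
    """Return (static verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.allow(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare()):
        print(verdicts, pkt)
```

The static filter accepts all seven packets because each one matches an address and port rule; the stateful filter drops the fifth and seventh because no state-table entry covers them.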

Network Partitioning
• Boundary routers
• Dual-homed host
• Bastion Host
• Demilitarized Zone (DMZ)
• Three-legged firewall

End Systems
• Servers and mainframes
• Operating systems
• Notebooks
• Workstations
• Smart phones
• Personal digital assistants
• Network Attached Storage (NAS)

Internet Protocol (IP)
• Internet Protocol (IP) is responsible for routing packets over a network
• Unreliable protocol
• IP will subdivide packets
• IPv4 address structure

Internet Protocol (cont.)

Internet Protocol Address Structure

| Class | Range of First Octet | Number of Octets for Network Number | Number of Hosts in Network |
|---|---|---|---|
| A | 1 – 127 | 1 | 16,777,216 |
| B | 128 – 191 | 2 | 65,536 |
| C | 192 – 223 | 3 | 256 |
| D | 224 – 239 | Multicast | |
| E | 240 - 255 | Reserved | |

Subnetting and Valid Subnets
• Subnetting
• Supernetting
• Classless Inter-Domain Routing (CIDR)

Dynamic Host Configuration Protocol (DHCP)

• Dynamically assigns IP addresses to hosts
• Client does not have to request a new lease every time it boots

IPv6
• A larger IP address field
• Improved security
• A more concise IP packet header
• Improved quality of service (QoS)

Internetwork Packet Exchange (IPX)
• Vendor specific
• Retired

Internet Control Message Protocols (ICMP)

• ICMP redirect attacks
• Traceroute exploitation
• Ping scanning

Internet Group Management Protocol (IGMP)

• Used for multicast messages
• Sets up multicast groups

Virtual Private Network (VPN)
• Secure shell (SSH)
• SSL/TLS
• SOCKS
• High Assurance Internet Protocol Encryptor (HAIPE)
• IP Security (IPSEC) – see next slide

IPSEC Authentication and Confidentiality for VPNs

• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Security Parameter Index (SPI)
• Security Associations
• Transport Mode / Tunnel Mode
• Internet Key Exchange (IKE)

Tunneling Protocols
• Tunneling Protocols
  – Point-to-point Tunneling Protocol (PPTP)
  – Layer 2 Tunneling Protocol (L2TP)
• Routing Protocols
  – Routing Information Protocol (RIP)
  – Virtual Router Redundancy Protocol (VRRP)
  – Open Shortest Path First (OSPF)
  – Exterior Gateway Protocol (EGP)
  – Border Gateway Protocol (BGP)
  – Intermediate System-to-Intermediate System (ISIS)
  – Interior Gateway Routing Protocol (IGRP)
  – Enhanced IGRP (EIGRP)

Risks and Attacks
• Key shortcoming in IP is its lack of authentication
• Shortcomings in implementation
• IP Fragmentation Attacks
  – Teardrop attack
  – Overlapping fragment attacks
• IP Address Spoofing
  – Overlapping fragment attacks
  – Packets are sent with a bogus source address
  – Takes advantage of a protocol flaw
• Encryption as a Threat
  – External attackers
  – Internal attackers

Risks and Attacks
• Network Eavesdropping
• Sniffing the wire
• Encryption
• IP allows the sender to specify the path
  – Attackers can abuse source routing, thereby gaining access to an internal network

Risks and Attacks

• Source-routing Exploitation
  – IP allows the sender to specify the path
    • Attackers can abuse source routing, thereby gaining access to an internal network
• Smurf and Fraggle attacks
  – Smurf attack misuses the ICMP Echo Request
  – Fraggle attack uses UDP instead of ICMP
  – Ping of death

Controls
• Policy
• Inbound and outbound traffic controls
• Network partitioning

Layer 4: Transport Layer
• End-to-end transport between peer hosts
• Connection oriented and connectionless protocols

Protocols

• Transmission Control Protocol (TCP)
  – Well-known ports
  – Registered ports
  – Dynamic and/or private ports
• User Datagram Protocol (UDP)
  – Fast
  – Low overhead
  – No error correction/replay protection
• Sequenced Packet Exchange (SPX)
  – Novell’s protocol
  – Replaced by TCP

Transport Layer Security (TLS)
• Mutual authentication
• Encryption
• Integrity

Attacks
• SYN Flood
• Port Scanning
  – FIN, NULL and XMAS Scanning
  – SYN Scanning
  – TCP Sequence Number Attacks
  – Session Hijacking
• Denial of Service

Controls
• SYN proxies
• Honeypots and honeynets
• Tarpits
• Continuous or periodic authentication

Layer 5: Session Layer
• Client server model
• Middleware and three-tiered architecture
• Mainframe
• Centralized systems

Protocols
• Real-time protocol – RTP
• RTP control protocol – RTCP
• Remote procedure calls - RPC

RPC Threats and Controls
• Threats
  – Unauthorized sessions
  – Invalid RPC exchanges
• Controls
  – Secure RPC

Layer 6: Presentation Layer

• Ensures a common format for data
• Services for encryption and compression

Standards
• Mainframe to PC Translation
  – Extended Binary Coded Decimal Interchange Code (EBCDIC)
  – American Standard Code for Information Interchange (ASCII)
  – Gateway
• Video and Audio Compression
  – Codec
    • Compression / decompression
  – Conserves bandwidth and storage

Compression Protocols

| | ISO/IEC | ITU-T |
|---|---|---|
| Audio Compression | MPEG-I Layer III (MP3); MPEG-I Layer I & II; AAC: HE-AAC v2, aacPlus v2 | G.711, G.722, G.723, G.726, G.728, G.729 |
| Video Compression | MJPEG; MPEG-I & II; MPEG-4 ASP & AVC | H.261 – H.264 |

Threats and Controls
• Availability Threat
  – Lack of interoperability
• Controls
  – Organizational standards

Layer 7: Application Layer
• The application layer is NOT the Graphical User Interface (GUI)
• Performs communications between peer applications

Implementations
• Client/Server
  – Telephony/voice
  – Video
  – Instant messaging
  – Email
  – World wide web
  – File transfer
• Peer-to-peer
  – Sharing
• Multi-tier
  – Web front-end
  – Database back-end
  – Web 2.0

Protocols Examples

FTP File Transfer Protocol

HTTP HyperText Transfer Protocol

IMAP Internet Message Access Protocol

IRC Internet Relay Chat

MIME Multipurpose Internet Mail Extensions

POP3 Post Office Protocol (version 3)

Rlogin Remote Login in UNIX Systems

SOAP Simple Object Access Protocol

SSH Secure Shell

TELNET Terminal Emulation Protocol

Threats and Controls
• Vulnerabilities as of September 2007
  – 35,000
• Verified exploits
  – +10,000
• Controls
  – STOP IT!
    • Don’t use application-layer protocols that are too risky?
  – Update / patch

Telephony
• Voice Over IP
  – Reduced cost
  – Converged technology security
• Mobile Telephony
  – Cellular service
  – Analog
    • Advanced Mobile Phone Service (AMPS)
  – Digital
    • Global Service for Mobile Communications (GSM)
    • General Packet Radio Service (GPRS)
    • Universal Mobile Telecommunications System (UMTS)
  – Data

Mobile Multiplexing Technologies

| Technology | Principle | Objective |
|---|---|---|
| Frequency Division Multiple Access (FDMA) | Divide frequency into sub bands | Open several low bandwidth channels |
| Time Division Multiple Access (TDMA) | Split transmission by time slices | Multiplexing between participants |
| Code Division Multiple Access (CDMA) | Multiplex several signals into one signal | Multiplexing is performed on a digital level |

Protocols
• VoIP Protocols
  – H.323
• SIP
• Mobile Telephony Protocols
  – Proprietary Applications and Services
  – Wireless Application Protocol (WAP)
    • Mobile internet browsing

Telephony Threats and Controls
• Threats
  – IP Telephony Network Issues
  – IP Telephony Vulnerabilities
• Controls
  – Authentication
  – Firewalls
  – Modem control
• Good practices for VoIP telephony
  – Encryption
  – Hardening
  – Patches
  – Authentication
  – Physical protection

General Threats
• Authenticity
• Eavesdropping
• Social engineering
• Tunneling firewalls

Services
• Authentication
• Directory
• Configuration
• Communication
• Storage
• Printing

Authentication

• Centralized Remote User Authentication
  – Network Access Server sends authentication requests to the Centralized Authentication Server.
• Kerberos Authentication
  – RFC 1510
  – Principals (client and server) are treated as equals
  – Key Distribution Server (KDC)
    • Authentication server (AS)
  – Ticket granting server (TGS)

Directory Services
• Domain Name Service (DNS)
• Lightweight Directory Access Protocol (LDAP)
• Network Basic Input Output System (NetBios)
• Network Information Service (NIS/NIS+)

Configuration Services
• Simple Network Management Protocol (SNMP)
• Dynamic Host Configuration Protocol (DHCP)
• Network Time Protocol (NTP)
• Finger User Information Protocol

Communication Services
• Synchronous Messaging
  – Instant Messaging (IM)
  – Internet Relay Chat (IRC)
• Asynchronous Messaging
  – Simple Mail Transfer Protocol (SMTP)
  – Post Office Protocol (POP)
  – Internet Message Access Protocol (IMAP)
  – Network News Transfer Protocol (NNTP)

Remote Communication Services
• TCP/IP Terminal Emulation Protocol (TELNET)
• Remote Login (RLOGIN), Remote Shell (RSH), Remote Copy (RCP)
• X Window System (X11)
• Video and multimedia

Storage Server Services
• Common Internet File System (CIFS) / Server Message Block (SMB)
• Network File System (NFS)
• Secure NFS (SNFS)

Storage Data Services
• File Transfer Protocol (FTP)
• Trivial File Transfer Protocol (TFTP)
• Hypertext Transfer Protocol (HTTP)
• HTTP over TLS (HTTPS)
• Secure Hypertext Transfer Protocol (S-HTTP)
• Proxies

Printing Services
• Internet Printer Protocol (IPP)
• Line Printer Daemon (LPD) and Line Printer Remote (LPR)
• Common UNIX Printing System (CUPS)

DNS Threats
• Spoofing
• Query manipulation
  – Hosts file manipulation
  – Social engineering
• Information disclosure
• Domain litigation
• Cyber squatting

Other Threats
• Email Threats
  – Spoofing
  – Open Mail Relay Servers
  – Spam and Filtering
• Instant messaging Threats
• File sharing
• SPIM
• Server Message Block (SMB) Threats
  – Buffer overflows

Controls
• DNS security extensions (DNSSEC)
• Mail filtering
• IM policy
• Turn off SMB
