information systems 365 lecture eight

Information Security 365/765, Fall Semester, 2014 Course Instructor, Nicholas Davis Lecture 8, Telecommunications and Network Security

Upload: nicholas-davis

Post on 15-Jun-2015


DESCRIPTION

UW-Madison, Information Systems 365/765, Fall Semester, 2014. Lecture 8, Telecommunications and Network Security

TRANSCRIPT

Page 1: Information systems 365 lecture eight

Information Security 365/765, Fall Semester, 2014

Course Instructor, Nicholas Davis

Lecture 8, Telecommunications and Network Security

Page 2: Information systems 365 lecture eight

Today’s Chocolate Bar
Your Old Friend Snickers

04/13/23 UNIVERSITY OF WISCONSIN 2

Page 3: Information systems 365 lecture eight

Telecommunications and Network Security Overview

- The OSI seven layer model
- TCP/IP and other protocols
- LAN, WAN, MAN, intranet, extranet
- Cable types and data transmission types
- Network devices and services
- Communications security management
- Telecommunications devices
- Remote access methods and technologies
- Wireless technologies

Page 4: Information systems 365 lecture eight

The OSI Seven Layer Model

The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO).

Page 5: Information systems 365 lecture eight

Layer 1: Physical Layer

This is the physical stuff connecting computers together (cables, switches, routers, modems, etc.).

Page 6: Information systems 365 lecture eight

Layer 2: Data Link

This is where switches operate.

Page 7: Information systems 365 lecture eight

Layer 3: Network

This is where routers operate. Anything regarding the TCP/IP protocol happens here. Think IP addresses, subnet masks, default gateways, etc.

Page 8: Information systems 365 lecture eight

Layer 4: Transport

This layer deals with how much information is sent back and forth in a session. Using the website example, it handles the information the user sends in a request, and then the information the server has to retrieve and send back in order for you to see the website.

Page 9: Information systems 365 lecture eight

Layer 5: Session

This layer deals with communication between two devices. For example, when the user goes to a website, the user’s computer must open a session between itself and the server hosting the website, thus allowing the user to receive the website in the first place. The same goes for any sort of communication, e.g. VoIP.

Page 10: Information systems 365 lecture eight

Layer 6: Presentation

This is the OS.

Page 11: Information systems 365 lecture eight

Layer 7: Application

This is the layer the user is interacting with (software). This can be Skype, Chrome, etc.

Page 12: Information systems 365 lecture eight

IP – Internet Protocol
How the Internet Talks

A protocol (means of communication) which provides a means for routing data to its destination. Think of it this way:

- Data = A letter
- IP address = Addressed envelope
- Network = the postal system

Page 13: Information systems 365 lecture eight

TCP and UDP
Two Major Protocols For Transmission Over IP

Page 14: Information systems 365 lecture eight

Reliability: TCP

TCP is a connection-oriented protocol. When a file or message is sent, it will get delivered unless the connection fails. If the connection is lost, the server will request the lost part. There is no corruption while transferring a message.

Page 15: Information systems 365 lecture eight

Reliability: UDP

UDP is a connectionless protocol. When you send data or a message, you don't know if it'll get there; it could get lost on the way. There may be corruption while transferring a message.

Page 16: Information systems 365 lecture eight

Ordered Delivery: TCP

Ordered: If you send two messages along a connection, one after the other, you know the first message will get there first. You don't have to worry about data arriving in the wrong order.

Page 17: Information systems 365 lecture eight

No Ordered Delivery: UDP

If you send two messages out, you don't know what order they'll arrive in, i.e. there is no ordering.

Page 18: Information systems 365 lecture eight

TCP is a Heavyweight Protocol

Heavyweight: when the low-level parts of the TCP "stream" arrive in the wrong order, resend requests have to be sent, and all the out-of-sequence parts have to be put back together, so it requires a bit of work to piece together.

Page 19: Information systems 365 lecture eight

UDP is a Lightweight Protocol

Lightweight: No ordering of messages, no tracking connections, etc. It's just fire and forget! This means it's a lot quicker, and the network card / OS have to do very little work to translate the data back from the packets.

Page 20: Information systems 365 lecture eight

TCP Streaming

Streaming: Data is read as a "stream," with nothing distinguishing where one packet ends and another begins. There may be multiple packets per read call.

Page 21: Information systems 365 lecture eight

UDP Datagrams

Datagrams: Packets are sent individually and are guaranteed to be whole if they arrive. One packet per one read call.
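The two slides above (TCP streaming, UDP datagrams) describe a difference that bites application code directly: on TCP, one read() can return half a message or several messages, so the receiver must find message boundaries itself, and a parser that assumes "one read = one message" will mis-parse the moment the network chunks the stream differently. The following added example (written for this page, not code from the lecture) uses a length-prefixed framing scheme, an assumption of the example rather than anything the slides specify, and shows that the reassembled messages are identical however the byte stream is cut; the UDP side needs no reassembly at all. The sample messages and chunk sizes are constructed.

```python
"""Length-prefixed framing over a TCP byte stream versus one-datagram-per-read UDP.

Added example (not from the lecture slides). TCP delivers a byte stream with no
message boundaries, so a receiver must reassemble messages itself and must
tolerate whatever chunking the network produces. UDP hands the application one
whole datagram per read, so no reassembly is needed (but nothing arrives in
order, or at all, unless the application deals with that).
"""
import struct
from typing import Iterable, List

HEADER = struct.Struct("!I")      # 4-byte big-endian length prefix (our framing choice)
MAX_FRAME = 64 * 1024             # refuse absurd declared lengths before allocating


def encode_frame(payload: bytes) -> bytes:
    """Prefix a message with its length so a stream receiver can find its end."""
    if len(payload) > MAX_FRAME:
        raise ValueError("payload too large for one frame")
    return HEADER.pack(len(payload)) + payload


class StreamFramer:
    """Reassembles length-prefixed messages from an arbitrarily chunked byte stream."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Consume one read() result and return every message completed so far.

        One chunk may hold zero, one or several complete messages plus a partial
        tail (the slide's "multiple packets per read call").
        """
        self._buf += chunk
        out: List[bytes] = []
        while True:
            if len(self._buf) < HEADER.size:
                break                                  # not even a full header yet
            (length,) = HEADER.unpack_from(self._buf, 0)
            if length > MAX_FRAME:
                raise ValueError("declared frame length exceeds limit")
            end = HEADER.size + length
            if len(self._buf) < end:
                break                                  # header seen, body still incomplete
            out.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
        return out


def reassemble_stream(chunks: Iterable[bytes]) -> List[bytes]:
    """TCP side: feed successive read() results through one framer."""
    framer = StreamFramer()
    msgs: List[bytes] = []
    for c in chunks:
        msgs.extend(framer.feed(c))
    return msgs


def receive_datagrams(datagrams: Iterable[bytes]) -> List[bytes]:
    """UDP side: each read returns exactly one datagram, already whole."""
    return list(datagrams)


def chunk_bytes(data: bytes, sizes: Iterable[int]) -> List[bytes]:
    """Constructed helper: cut a byte string at the given sizes to simulate how
    TCP might deliver it; the final chunk takes whatever remains."""
    chunks, pos = [], 0
    for n in sizes:
        chunks.append(data[pos:pos + n])
        pos += n
    chunks.append(data[pos:])
    return [c for c in chunks if c]


# Constructed sample: three messages, one of them empty, on one wire stream.
MESSAGES = [b"GET /index.html", b"Host: example.test", b""]
WIRE = b"".join(encode_frame(m) for m in MESSAGES)
```

The declared-length check matters as much as the reassembly: a receiver that trusts a length field from the peer and allocates accordingly is an easy way to exhaust memory, so the framer rejects lengths above its limit before buffering anything.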

Page 22: Information systems 365 lecture eight

Examples of TCP Services

Examples: World Wide Web (Apache, TCP port 80), e-mail (SMTP, TCP port 25, Postfix MTA), File Transfer Protocol (FTP, port 21) and Secure Shell (OpenSSH, port 22), etc.

Page 23: Information systems 365 lecture eight

Examples of UDP Services

Examples: Domain Name System (DNS, UDP port 53), streaming media applications such as IPTV or movies, Voice over IP (VoIP), Trivial File Transfer Protocol (TFTP) and online multiplayer games, etc.

Page 24: Information systems 365 lecture eight

What is Your Opinion of When to Use TCP vs. UDP?

- TCP is typically slower than UDP
- UDP is typically less reliable than TCP

Page 25: Information systems 365 lecture eight

The TCP Handshake
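The slide above names the TCP handshake without spelling it out. As an added example (written for this page, not taken from the lecture), here is the three-way exchange as two small state machines: the client sends SYN with its initial sequence number, the server answers SYN+ACK acknowledging that number plus one, and the client's final ACK acknowledges the server's number plus one. Each side only advances when the acknowledgement is exactly right, which is why the initial sequence numbers are chosen unpredictably. The segment representation, the `deliver` hook and the fault-injection helper are this example's own constructions.

```python
"""The TCP three-way handshake as two small state machines.

Added example; it is not part of the lecture slides. A segment is reduced to
the SYN/ACK flags and the sequence and acknowledgement numbers, which is all
the handshake itself inspects. Each side picks an unpredictable initial
sequence number (ISN) and the other side must echo ISN + 1, so a completed
handshake shows that both sides actually received each other's segments.
"""
from dataclasses import dataclass
import secrets
from typing import Callable, List, Optional, Tuple

MOD = 2 ** 32   # sequence numbers wrap at 32 bits


@dataclass(frozen=True)
class Segment:
    syn: bool
    ack: bool
    seq: int
    ack_num: int = 0          # only meaningful when ack is True

    def flags(self) -> str:
        names = [n for n, on in (("SYN", self.syn), ("ACK", self.ack)) if on]
        return "+".join(names) or "-"


class Client:
    def __init__(self, isn: Optional[int] = None) -> None:
        self.isn = secrets.randbits(32) if isn is None else isn
        self.state = "CLOSED"

    def connect(self) -> Segment:
        self.state = "SYN-SENT"
        return Segment(syn=True, ack=False, seq=self.isn)

    def on_segment(self, seg: Segment) -> Optional[Segment]:
        # Only a SYN+ACK that acknowledges exactly our ISN + 1 completes our side.
        if self.state == "SYN-SENT" and seg.syn and seg.ack and seg.ack_num == (self.isn + 1) % MOD:
            self.state = "ESTABLISHED"
            return Segment(syn=False, ack=True, seq=(self.isn + 1) % MOD, ack_num=(seg.seq + 1) % MOD)
        return None   # anything else is ignored here; a real stack may answer with RST


class Server:
    def __init__(self, isn: Optional[int] = None) -> None:
        self.isn = secrets.randbits(32) if isn is None else isn
        self.state = "LISTEN"
        self.peer_isn: Optional[int] = None

    def on_segment(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Half-open: the server now holds state for this client until the final ACK arrives.
            self.peer_isn = seg.seq
            self.state = "SYN-RECEIVED"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=(seg.seq + 1) % MOD)
        if (self.state == "SYN-RECEIVED" and seg.ack and not seg.syn
                and seg.ack_num == (self.isn + 1) % MOD
                and seg.seq == (self.peer_isn + 1) % MOD):
            self.state = "ESTABLISHED"
        return None


def handshake(client: Client, server: Server,
              deliver: Callable[[Segment], Segment] = lambda s: s) -> List[Tuple[str, str]]:
    """Run the exchange and return the trace; `deliver` lets a caller alter a segment in flight."""
    trace: List[Tuple[str, str]] = []
    syn = client.connect()
    trace.append(("client->server", syn.flags()))
    synack = server.on_segment(deliver(syn))
    if synack is None:
        return trace
    trace.append(("server->client", synack.flags()))
    ack = client.on_segment(deliver(synack))
    if ack is None:
        return trace
    trace.append(("client->server", ack.flags()))
    server.on_segment(deliver(ack))
    return trace


def corrupt_ack_number(seg: Segment) -> Segment:
    """Constructed fault injection: an off-by-one acknowledgement number is rejected."""
    if seg.ack:
        return Segment(seg.syn, seg.ack, seg.seq, (seg.ack_num + 1) % MOD)
    return seg
```

Running the exchange with `corrupt_ack_number` leaves the client in SYN-SENT and the server in SYN-RECEIVED: the server has committed memory to a half-open connection that never completes, which is the resource a listening host has to budget for.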

Page 26: Information systems 365 lecture eight

Every Node on an IP Network Has an IP Address

In IPv4 there are five classes of IP addresses, A–E:

- Class A = Very large networks
- Class B = Medium to large size networks
- Class C = Small networks
- Class D = Reserved for multicasting
- Class E = Experimental and educational use

Page 27: Information systems 365 lecture eight

Baseband vs Broadband Communication

Baseband uses the entire bandwidth of a communication channel for its transmission.

Broadband divides the available bandwidth into individual channels, each carrying independent data streams.

Page 28: Information systems 365 lecture eight

The 5 Types of Physical Network Topologies

- Bus
- Ring
- Star
- Tree
- Mesh

Page 29: Information systems 365 lecture eight

Bus Topology

Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.

Page 30: Information systems 365 lecture eight

Ring Topology

In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.


Page 31: Information systems 365 lecture eight

Star Topology

Many home networks use the star topology. A star network features a central connection point called a "hub node" that may be a network hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)

Page 32: Information systems 365 lecture eight

Tree Topology
Corporate Networks

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Page 33: Information systems 365 lecture eight

Mesh Topology
The Larger Internet

Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.

Page 34: Information systems 365 lecture eight

Summary of Network Topologies

Topologies remain an important part of network design theory. You can probably build a home or small business computer network without understanding the difference between a bus design and a star design. However, each type of topology has security implications.

Page 35: Information systems 365 lecture eight

Network Cabling
Coaxial Cable

Coaxial cable, or coax (pronounced 'ko.æks), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket.

Page 36: Information systems 365 lecture eight

Network Cabling
Twisted Pair

Twisted pair cabling is a type of wiring in which two conductors of a single circuit are twisted together for the purposes of canceling out electromagnetic interference from external sources; for instance, electromagnetic radiation from unshielded twisted pair cables, and crosstalk between neighboring pairs.

Page 37: Information systems 365 lecture eight

Network Cabling
Fiber Optic

A technology that uses glass (or plastic) threads (fibers) to transmit data. A fiber optic cable consists of a bundle of glass threads, each of which is capable of transmitting messages modulated onto light waves. Fiber optics has several advantages over traditional metal communications lines:

Page 38: Information systems 365 lecture eight

For Better Security Use Coaxial Cable or Fiber Optics

Signal leakage from twisted pair cables makes them vulnerable to snooping of the data traffic.

Page 39: Information systems 365 lecture eight

Beware of Signal Attenuation

(loss of signal over distance)

Page 40: Information systems 365 lecture eight

Assigning An IP Address
DHCP

Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. DHCP assigns an IP address when a system is started; for example, your cable modem at home uses DHCP.

Page 41: Information systems 365 lecture eight

Assigning an IP Address
Static

If you feel the need to always know what your IP address is, then you need a Static IP address, because it is constant. Static IP addresses are used on servers, making it easy for all computers to contact them, since they will know what the address of the server is.

Page 42: Information systems 365 lecture eight

Different Types of Network Devices

- Repeaters
- Bridges
- Routers
- Switches

Page 43: Information systems 365 lecture eight

Repeater

In telecommunications, a repeater is an electronic device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances.

Page 44: Information systems 365 lecture eight

Bridge

A network bridge is a network device that connects multiple network segments. In the OSI model bridging acts in the first two layers, below the network layer.

Page 45: Information systems 365 lecture eight

Router

A router is a networking device, commonly specialized hardware, that forwards data packets between computer networks.

Page 46: Information systems 365 lecture eight

Network Switch

A network switch (sometimes known as a switching hub) is a computer networking device that is used to connect devices together on a computer network, by using a form of packet switching to forward data to the destination device.

Page 47: Information systems 365 lecture eight

Network Gateway

In computer networking, a gateway is a node (a router) on a TCP/IP network that serves as an access point to another network. A default gateway is the node on the computer network that the network software uses when an IP address does not match any other routes in the routing table.
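Two earlier points come together here: the IPv4 class of an address is fixed by the leading bits of its first octet (the five classes A–E listed on the "Every Node on an IP Network" slide), and a host decides whether to hand a packet to its default gateway by consulting a routing table in which the default route matches everything but has the shortest prefix, so it loses to any more specific entry. The added example below (written for this page, not code from the lecture) implements both: a classifier for the five classes and a longest-prefix-match lookup over a small constructed routing table whose addresses and interface names are invented for illustration.

```python
"""Classful IPv4 address classification and default-gateway route selection.

Added example, not code from the lecture. The class of an IPv4 address is
decided by the leading bits of its first octet; a routing table is searched
for the longest matching prefix, and the default route 0.0.0.0/0 (the default
gateway) is used only when nothing more specific matches.
"""
import ipaddress
from typing import List, Optional, Tuple


def ipv4_class(addr: str) -> str:
    """Classful (pre-CIDR) class of an address, from the first octet's leading bits."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first & 0x80 == 0x00:
        return "A"      # 0xxxxxxx  first octet 0-127
    if first & 0xC0 == 0x80:
        return "B"      # 10xxxxxx  128-191
    if first & 0xE0 == 0xC0:
        return "C"      # 110xxxxx  192-223
    if first & 0xF0 == 0xE0:
        return "D"      # 1110xxxx  224-239, multicast
    return "E"          # 1111xxxx  240-255, experimental


# Default network mask implied by each unicast class (classes D and E have none).
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def classful_network(addr: str) -> Optional[ipaddress.IPv4Network]:
    cls = ipv4_class(addr)
    if cls not in CLASSFUL_PREFIX:
        return None
    return ipaddress.ip_network(f"{addr}/{CLASSFUL_PREFIX[cls]}", strict=False)


# A route: (destination network, next-hop address or None if directly connected, interface)
Route = Tuple[ipaddress.IPv4Network, Optional[str], str]


def build_table(entries: List[Tuple[str, Optional[str], str]]) -> List[Route]:
    return [(ipaddress.ip_network(dst), via, dev) for dst, via, dev in entries]


def lookup(table: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match. The 0.0.0.0/0 entry matches every address with
    prefix length 0, so it is chosen only when no other route matches."""
    ip = ipaddress.IPv4Address(dest)
    candidates = [r for r in table if ip in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)


def next_hop(table: List[Route], dest: str) -> Optional[Tuple[str, str]]:
    """(address to send the frame to, interface). Directly connected
    destinations are delivered to the host itself; others go to a router."""
    route = lookup(table, dest)
    if route is None:
        return None
    via = route[1] if route[1] is not None else dest
    return via, route[2]


# Constructed sample routing table for a host on 192.0.2.0/24 (documentation
# prefixes; the gateway and interface names are invented for the example).
TABLE = build_table([
    ("0.0.0.0/0", "192.0.2.1", "eth0"),          # default gateway
    ("192.0.2.0/24", None, "eth0"),              # directly connected LAN
    ("198.51.100.0/24", "192.0.2.254", "eth0"),  # a more specific route via another router
])
```

Note that `lookup` is deliberately order-independent: it ranks matches by prefix length rather than by position in the table, so a default route listed first cannot shadow a more specific entry.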

Page 48: Information systems 365 lecture eight

Firewall

In computing, a firewall is a network security system that controls the incoming and outgoing network traffic based on an applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.
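To make the "applied rule set" concrete, here is an added example (written for this page; not code from the lecture or any real firewall product) of a minimal stateless packet filter: rules are evaluated in order, the first match decides, and anything no rule mentions is dropped. The network numbers, the web server and resolver addresses and the rule set are constructed; the anti-spoofing rule is placed first on purpose, since rule order is part of the policy.

```python
"""A minimal stateless packet filter: ordered rules, first match wins, default deny.

Added example, not from the lecture slides. It models the slide's "applied rule
set" sitting between a trusted internal network (10.0.0.0/8 here, a constructed
value) and the untrusted Internet. All addresses and ports below are constructed.
"""
from dataclasses import dataclass
import ipaddress
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" = arriving from the Internet, "out" = leaving the internal network
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None means "any", for this and every field below
    src: Optional[str] = None        # CIDR
    dst: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return True


def evaluate(rules: List[Rule], packet: Packet) -> Tuple[str, str]:
    """First matching rule decides; a packet no rule mentions is dropped."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


INTERNAL = "10.0.0.0/8"        # constructed: the trusted side
WEB_SERVER = "10.1.1.10/32"    # constructed: the one host the Internet may reach
RESOLVER = "10.0.0.53/32"      # constructed: the only host allowed to speak DNS outward

# Order matters: the anti-spoofing rule must come before any inbound allow,
# otherwise a packet from the Internet claiming an internal source address
# would satisfy the HTTPS rule and be let in.
RULES = [
    Rule("deny", "in", src=INTERNAL, comment="anti-spoofing: internal addresses never arrive from outside"),
    Rule("allow", "in", dst=WEB_SERVER, proto="tcp", dport=443, comment="HTTPS to the public web server"),
    Rule("allow", "out", src=INTERNAL, proto="tcp", dport=443, comment="internal hosts may browse HTTPS"),
    Rule("allow", "out", src=RESOLVER, proto="udp", dport=53, comment="only the internal resolver talks DNS to the Internet"),
]
```

Because the filter is stateless, the rule set says nothing about reply traffic; a real firewall tracks connections so that the answer to an allowed outbound request is admitted without a matching inbound allow rule.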

Page 49: Information systems 365 lecture eight

The Trickery of a Honeypot

A honeypot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.

You can learn a lot from a honeypot.

Page 50: Information systems 365 lecture eight

Network Segmentation

- Reduced congestion: Improved performance is achieved because on a segmented network there are fewer hosts per subnetwork, thus minimizing local traffic
- Improved security: Broadcasts will be contained to the local network. Internal network structure will not be visible from outside
- Containing network problems: Limiting the effect of local failures on other parts of the network

Page 51: Information systems 365 lecture eight

DNS
Domain Naming Service

The DNS translates Internet domain and host names to IP addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.

DNS implements a distributed database to store this name and address information for all public hosts on the Internet. DNS assumes IP addresses do not change (are statically assigned rather than dynamically assigned).

Page 52: Information systems 365 lecture eight

DNS Poisoning

DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's).
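Cache poisoning succeeds only if a resolver accepts a reply it did not ask for, so the defensive core is the set of checks applied to every incoming reply before anything is cached: the transaction ID must match an outstanding query, the question section must be identical, and answer records must be for the name that was actually asked about. The added example below (written for this page, not code from the lecture or from any resolver) implements those checks over the real DNS wire format, with just enough of an encoder and parser to build constructed sample messages; the "same owner name as the question" rule is a deliberate simplification of the bailiwick rules real resolvers apply.

```python
"""Sanity checks a stub resolver applies before trusting a DNS reply.

Added example; not from the lecture. A poisoned cache needs a resolver that
accepts a reply it never asked for, so before caching anything the receiver
checks that the reply's transaction ID matches the outstanding query, that it
echoes the same question (name, type, class) and that every answer record is
for the name that was asked about. The wire-format helpers handle only what
these checks need (A records, IN class; compression pointers are followed).
"""
import struct
from typing import Dict, List, Tuple

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Return (lower-cased name, offset just past the name in the message)."""
    labels: List[str] = []
    jumped, end, hops = False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = offset + 2                        # name occupies 2 bytes here
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels).lower(), end


def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_response(txid: int, qname: str, answers: List[Tuple[str, str]], ttl: int = 300) -> bytes:
    """Constructed reply: `answers` is a list of (owner name, dotted IPv4) A records."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)   # QR, RD, RA
    body = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    for owner, ip in answers:
        rdata = bytes(int(x) for x in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + body


def parse_message(msg: bytes) -> Dict[str, object]:
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def accept_response(query: bytes, response: bytes) -> Tuple[bool, str, List[str]]:
    """Return (accepted, reason, A-record addresses). Nothing is cached on rejection."""
    q, r = parse_message(query), parse_message(response)
    if r["id"] != q["id"]:
        return False, "transaction ID mismatch", []
    if not r["flags"] & 0x8000:                           # QR bit: must be a response
        return False, "not a response", []
    if r["questions"] != q["questions"]:
        return False, "question section does not match query", []
    qname = q["questions"][0][0]
    ips: List[str] = []
    for name, rtype, rclass, _ttl, rdata in r["answers"]:
        if name != qname:                                 # simplified bailiwick rule
            return False, f"answer for unrelated name {name!r} rejected", []
        if rtype == QTYPE_A and rclass == QCLASS_IN and len(rdata) == 4:
            ips.append(".".join(str(b) for b in rdata))
    return True, "ok", ips


# Constructed sample messages (documentation names and addresses).
QUERY = build_query(0x1A2B, "www.example.test")
GOOD = build_response(0x1A2B, "www.example.test", [("www.example.test", "192.0.2.10")])
WRONG_ID = build_response(0x1A2C, "www.example.test", [("www.example.test", "192.0.2.10")])
OFF_TARGET = build_response(0x1A2B, "www.example.test", [("mail.example.test", "198.51.100.7")])
```

A 16-bit transaction ID alone is a thin defence, which is why production resolvers also randomize the UDP source port of each query (so a reply must match both) and, where the zone is signed, validate DNSSEC signatures instead of trusting the transport at all.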

Page 53: Information systems 365 lecture eight

Directory Services

Directory services are software programs that link directly into core databases to manage the identities and security of users on a network. They are crucial to many medium and large organisations.

Page 54: Information systems 365 lecture eight

NAT
Network Address Translation

NAT (Network Address Translation or Network Address Translator) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network.

Page 55: Information systems 365 lecture eight

The Corporate Intranet

A local or restricted communications network, especially a private network created using World Wide Web software.

Page 56: Information systems 365 lecture eight

The Corporate Extranet

An intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the Internet securely.

Page 57: Information systems 365 lecture eight

The LAN

A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building, using network media.

Page 58: Information systems 365 lecture eight

The MAN

A Metropolitan Area Network (MAN) is a large computer network that spans a metropolitan area or campus. Its geographic scope falls between a WAN and LAN. MANs provide Internet connectivity for LANs in a metropolitan region, and connect them to wider area networks like the Internet.

Page 59: Information systems 365 lecture eight

The WAN

A wide area network (WAN) is a computer network that spans a relatively large geographical area and consists of two or more interconnected local area networks (LANs). A LAN is a network that connects computers and other devices in a relatively small area, typically a single building or a group of adjacent buildings.

Page 60: Information systems 365 lecture eight

Quality of Service
QoS

Quality of service (QoS) is the overall performance of a telephony or computer network, particularly the performance seen by the users of the network. Three levels of QoS are:

- Best Effort – We try
- Differentiated Service – We elevate above best effort
- Guaranteed Service – Has priority over all

Page 61: Information systems 365 lecture eight

Remote Access and Wardialing

Remote access is the ability to get access to a computer or a network from a remote distance. In corporations, people at branch offices, telecommuters, and people who are travelling may need access to the corporation's network.

Page 62: Information systems 365 lecture eight

War Dialing

War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers (malicious hackers who specialize in computer security) for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.

Page 63: Information systems 365 lecture eight

DSL and Cable Modems
A New Vulnerability

In the old days, people would dial up, connect, and then disconnect from the Internet via modem.

Exposure time was limited.

DSL and cable modems are always on, so exposure time is no longer limited, creating an opportunity for hackers.

Page 64: Information systems 365 lecture eight

Virtual Private Network
VPN

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.

Page 65: Information systems 365 lecture eight

802.11 Wireless Networks

A family of IEEE standards that extend the common wired Ethernet local network standard into the wireless domain. The 802.11 standards are widely known as "Wi-Fi" because the Wi-Fi Alliance provides certification for 802.11 products. There have been four major 802.11 standards designated with letter suffixes (a, b, g and n); the latest and fastest being 802.11n (the slowest is 802.11b, and the two medium-speed ones are 802.11a and 802.11g). For more about Wi-Fi networks, see wireless LAN and Wi-Fi. Following are the 802.11 specifications, from slowest to fastest.

Page 66: Information systems 365 lecture eight

Bluetooth Wireless

Bluetooth wireless technology is a technology that allows computers, phones, headsets, PDAs and other devices to wirelessly communicate over short distances (typically about 33 feet).

- Encrypted
- Low power
- Simple protocol (relative to Wi-Fi)

Page 67: Information systems 365 lecture eight

Mobile Phone Security

- Usually not encrypted
- Mobile base station impersonation
- Mobile phone cloning
- Encrypted over wireless portion, but usually not over the wired backhaul connection
- Access to Internet, bypassing corporate firewalls
- Malware threats worse than on a regular computer
- Ability to access camera is a threat

Page 68: Information systems 365 lecture eight

Wireless Best Practices

- At least enable WEP, if not stronger encryption
- Change default SSID (name of network)
- Disable broadcast SSID (name of network)
- Place the Access Point at the center of the building to avoid external access
- Configure the Access Point to only allow known MAC (hardware) addresses into the network

Page 69: Information systems 365 lecture eight

A Note About Rootkits

A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[1] The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.[1]

Page 70: Information systems 365 lecture eight

Dangers of Instant Messaging
IM

Communication via IM is usually not encrypted. IM often allows the transfer of files, which could enable someone to send sensitive data off-site without being noticed by corporate detection systems, which may not be set up to monitor unauthorized and unknown use of IM for personal purposes (Facebook IM).