network security
DESCRIPTION
Presentation on Network security for CyLab at ESI CenterTRANSCRIPT
Network security (intro)27.06.2013, CyLab @ ESI CEE
Ники Стоицев
CCNA CCAI
Protocols
TCPHTTPHTTPSDNS
Attacks
DoS/DDoSSession hijackingSequence predictionConnection KillingRequest SmugglingMan-in-the-middle attack
Transmission Control Protocol (TCP)
● The core protocol of the Internet protocol suite (IP)
● Reliable● Ordered● With error checking● Connection-oriented
TCP Three-way Handshake
TCP Communication
DoS/DDoS
Denial-of-service attack (DoS attack)
Distributed denial-of-service attack (DDoS attack)
DDOS
DDOS Danger
● Cyberattacks on Estonia
SYN Flooding
Session hijacking
TCP sequence prediction attack
TCP sequence prediction attack
TCP sequence prediction attack
TCP Connection Killing
● With RST● With FIN
HTTP
● Hypertext Transfer Protocol (HTTP)● Request-response protocol in the client-
server computing model
HTTP
HTTP Request Smuggling
Cache Poisoning ExploitingRequest Credential Hijacking
Man-in-the-middle attack
MITM
ARP PoisoningDNS SpoofingDNS Poisoning
Example
HTTPS
HTTP Secure● HTTP on top of SSL/TLS protocol● Provides authentication of the web site● Bidirectional encryption
Public-key cryptography
Public Key CertificateSerial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Signature: The actual signature to verify that it came from the issuer.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date.
Key-Usage: Purpose of the public key
Public Key: The public key.
Public Key Certificate Signing
SSL/TLS
● SSL is the predecessor of TLS● Asymmetric cryptography for authentication● Symmetric encryption for confidentiality● Message authentication codes for message
integrity
SSL/TLS
RC4
● RC4 is used in SSL● Simple● Remarkable speed
RC4 attack
Discovered statistical biases in RC4 key table
50% of all TLS traffic is currently protected using the RC4 algorithm
RC4 attack
"The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm which become apparent in TLS ciphertexts when the same plaintext is repeatedly encrypted at a fixed location across many TLS sessions"
DNS
Domain name system
DNS Attacks
DNS SpoofingDNS Cache Poisoning
DNS Rebinding
Circumvents same origin policy
Questions?Thank you!