Telecommunications & Network Security

Originally (1/01) by: Usha Viswanathan
Modified (1/03, 5/06) by: John R. Durrett



Page 1: Telecommunications & Network Security

Originally (1/01) by: Usha Viswanathan
Modified (1/03, 5/06) by: John R. Durrett

Page 2: Presentation Overview

– C.I.A. as it applies to Network Security
– Protocols & Layered Network Architectures
– OSI and TCP/IP
– TCP/IP protocol architecture
– IP addressing & Routing
– TCP
– Applications
– IPv6

Page 3: C.I.A.

– Confidentiality: the opposite of disclosure
  • Elements used to ensure it: security protocols, authentication services, encryption services

– Integrity: the opposite of alteration
  • Elements used to ensure it: firewalls, communications security management, intrusion detection services

– Availability: the opposite of destruction / denial
  • Fault tolerance, acceptable system performance, reliable administration and network security

Page 4: Protocols & the Layered Network: Intro

– Protocol:
  • A standard set of rules that determine how computers talk
  • Describes the format a message must take
  • Enables multi-platform computers to communicate

– The Layered Architecture Concept
  • Data passes down through the layers to get “out”, and up to get “in”
  • Reasons for use: to clarify functionality, to break down complexity, to enable interoperability, easier troubleshooting

Page 5: TCP/IP

The “lingua franca” of the Internet.

Page 6: ISO’s Open Systems Interconnection (OSI) Reference Model

– Protocol Layering
  • Series of small modules
    Well defined interfaces, hidden inner processes
    Process modules can be replaced
    Lower layers provide services to higher layers

– Protocol Stack: the modules taken together

– Each layer communicates with its peer layer on the other machine

Page 7: The OSI Model

(Diagram) Sender and Receiver each run the seven-layer stack: Application, Presentation, Session, Transport, Network, Datalink, Physical. The path messages take: down the sender’s stack, across the network at the Physical layer, and up the receiver’s stack.

Page 8: OSI Layers

Layer        | Function (typical device)
Application  | Communication partners, QoS identified
Presentation | Semantics, encryption, compression (gateways)
Session      | Establishes, manages, terminates sessions
Transport    | Sequencing, flow/error control, name/address resolution
Network      | Routing, network addresses (routers)
Datalink     | MAC address, low level error control (bridges)
Physical     | Encoding/decoding digital bits, interface card

Page 9: TCP/IP

(Diagram) Alice and Bob each run the Application, Transport and Network layers; the Router between them runs only the Network layer (and below) and forwards Alice’s packets toward Bob at that layer.

Page 10: TCP/IP: The Protocols and the OSI Model

(Diagram, protocols placed against the OSI layers)
– Application / Presentation / Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP; RTP, RTCP
– Transport: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
– Network: Internet Protocol (IP), ICMP, IGMP, OSPF, RIP; ARP (at the boundary between Network and Datalink)
– Datalink / Physical: Ethernet, Token Bus, Token Ring, FDDI

Page 11: Data Encapsulation by Layer

(Diagram) Each layer wraps what it receives from the layer above:
– Application: Data
– TCP: TCP Header + Data (the slide labels this unit “Datagram”; RFC 793 calls it a segment)
– Network: Packet (IP header + segment)
– Data Link: Frame (frame header + packet)
The Destination opens the envelopes layer-by-layer, in reverse order.

Page 12: Transmission Control Protocol (TCP)

– Traditional TCP/IP security: none
  • No authenticity, confidentiality, or integrity
  • Implemented & expanding: IPSec

– Workhorse of the Internet
  • FTP, telnet, ssh, email, http, etc.

– The protocol responsible for the reliable transmission and reception of data.

– Unreliable (best-effort) service is provided by UDP.
– Transport layer protocol.
– Can run multiple applications using the same transport.
  • Multiplexed through port numbers

Page 13: TCP Fields

(Header layout, one 32-bit word per row)
Source port (16 bits)            | Destination port (16 bits)
Sequence number (32 bits)
Acknowledgment number (32 bits)
Data offset (4) | Reserved (6) | Code bits (6): URG ACK PSH RST SYN FIN | Window (16)
Checksum (16 bits)               | Urgent pointer (16 bits)
Options                          | Padding
data

Page 14: TCP Connection Establishment

– Alice to Bob: SYN with Initial Sequence Number ISN-a
– Bob to Alice: SYN + ACK, acknowledging ISN-a (ack = ISN-a + 1) and carrying Bob’s own ISN-b
– Alice to Bob: ACK acknowledging ISN-b (ack = ISN-b + 1)
– Connection established
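The header layout of the previous slide and the handshake above, as an added example (not code from the original deck): it packs and parses the fixed 20-byte TCP header from RFC 793 and drives the SYN / SYN-ACK / ACK exchange between two toy endpoints so the sequence-number arithmetic is visible. The port numbers (40000 and 80) and the ISN values in the usage are assumptions; nothing is sent on a real network.

```python
"""TCP header layout and the three-way handshake (constructed example)."""
import secrets
import struct

# The six code bits, in the order shown on the slide (URG ACK PSH RST SYN FIN).
URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
FLAG_NAMES = {URG: "URG", ACK: "ACK", PSH: "PSH", RST: "RST", SYN: "SYN", FIN: "FIN"}

# Network byte order: ports, seq, ack, data offset + flags, window, checksum, urgent pointer.
TCP_HDR = struct.Struct("!HHIIHHHH")


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte header (data offset = 5 words). The checksum is left 0;
    a real stack computes it over the IP pseudo-header plus the segment."""
    offset_flags = (5 << 12) | (flags & 0x3F)
    return TCP_HDR.pack(sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                        offset_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Unpack the fixed header into a dict; raise on a truncated segment."""
    if len(raw) < TCP_HDR.size:
        raise ValueError("segment shorter than the 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = TCP_HDR.unpack_from(raw)
    data_offset = (off_flags >> 12) * 4          # header length in bytes
    flags = off_flags & 0x3F
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": data_offset, "window": window, "checksum": csum,
        "urgent": urg, "flags": flags,
        "flag_names": [name for bit, name in FLAG_NAMES.items() if flags & bit],
        "payload": raw[data_offset:],
    }


def three_way_handshake(isn_a=None, isn_b=None):
    """Return the three segments Alice (client, assumed port 40000) and Bob
    (server, assumed port 80) exchange, as parsed dicts.
      Alice -> Bob: SYN,      seq = ISN-a
      Bob -> Alice: SYN+ACK,  seq = ISN-b,     ack = ISN-a + 1
      Alice -> Bob: ACK,      seq = ISN-a + 1, ack = ISN-b + 1
    ISNs default to random 32-bit values; unpredictable ISNs are what stop a
    blind attacker from forging the third segment without seeing the SYN-ACK."""
    isn_a = secrets.randbits(32) if isn_a is None else isn_a
    isn_b = secrets.randbits(32) if isn_b is None else isn_b
    syn = build_tcp_header(40000, 80, isn_a, 0, SYN)
    syn_ack = build_tcp_header(80, 40000, isn_b, isn_a + 1, SYN | ACK)
    ack = build_tcp_header(40000, 80, isn_a + 1, isn_b + 1, ACK)
    return [parse_tcp_header(s) for s in (syn, syn_ack, ack)]


def server_accepts_final_ack(syn_ack, final_ack):
    """Bob's check on the third segment: ACK set, SYN clear, and the ack
    number must equal ISN-b + 1 exactly. A guessed value fails here."""
    expected = (syn_ack["seq"] + 1) & 0xFFFFFFFF
    return bool(final_ack["flags"] & ACK) and not (final_ack["flags"] & SYN) \
        and final_ack["ack"] == expected


if __name__ == "__main__":
    for seg in three_way_handshake():
        print(f"{seg['sport']:>5} -> {seg['dport']:<5} {'+'.join(seg['flag_names']):<8} "
              f"seq={seg['seq']} ack={seg['ack']}")
```

Because TCP itself authenticates nothing (previous slide), the only thing standing between a spoofed third segment and an established connection is the attacker's inability to guess ISN-b; `server_accepts_final_ack` is the check that a forged ack number fails.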

Page 15: User Datagram Protocol (UDP)

– Connectionless
– Does not retransmit lost packets
– Does not order packets
– Inherently unreliable
– Mainly tasks where speed is essential
  • Streaming audio and video
  • DNS

(Header layout)
Source Port     | Destination Port
Message Length  | Checksum
Data …

Page 16: ICMP: network plumber

Message Type            | Type # | Purpose
Echo Reply              | 0      | Ping response: system is alive
Destination Unreachable | 3      | No route, protocol, or port closed
Source Quench           | 4      | Slow down transmission
Redirect                | 5      | Reroute traffic
Echo                    | 8      | Ping
Time Exceeded           | 11     | TTL exceeded, packet dropped
Parameter Problem       | 12     | Bad header
Timestamp               | 13     | Time sent and requested
Timestamp Reply         | 14     | Time request reply
Information Request     | 15     | Host asks: what network am I on?
Information Reply       | 16     | Information response

Page 17: Ports

PORT | USE
17   | Quote of the Day
20   | File Transfer Data
21   | File Transfer Control
22   | SSH
23   | Telnet
25   | SMTP
43   | Whois (tcp & udp)
666  | Doom

“Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".” (RFC 1700, Assigned Numbers)

• Source port
• Destination port
• Logical connection
• Privileged – unprivileged ports

Page 18: Network Address Translation (NAT)

– “Illegal” (private) addresses
– Not routable on the Internet: 10.0.0.0/8, 192.168.0.0/16 (and 172.16.0.0/12; the RFC 1918 ranges)
– Limited address space in IPv4

– NAT maps private addresses to valid public addresses
  • Mapping to a single external address (many-to-one, distinguished by port)
  • One-to-one mapping
  • Dynamically allocated addresses

(Diagram) Router translates inside address 10.0.0.5 to outside address 12.13.4.5
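The many-to-one mapping above, as an added example (not code from the original deck): a toy router maps RFC 1918 inside addresses onto the single outside address 12.13.4.5 from the diagram by rewriting the source port, and translates replies back. Inbound packets that match no existing mapping are dropped, which is the side effect that makes NAT act like a crude inbound filter (it is not a firewall and authenticates nothing). The peer addresses, ports and the `Nat` class are assumptions for illustration.

```python
"""Port-overloading NAT (many-to-one) with dynamic port allocation (constructed example)."""
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges: not routable on the Internet, hence translated.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True for an address inside any RFC 1918 range."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    """One outside address shared by many inside hosts (assumed design)."""

    def __init__(self, outside_addr, first_port=1024):
        self.outside = outside_addr
        self.next_port = first_port
        self.out_map = {}   # (inside ip, inside port, peer ip, peer port) -> outside port
        self.in_map = {}    # outside port -> that same 4-tuple

    def outbound(self, pkt):
        """Inside -> outside: allocate (or reuse) a mapping and rewrite the source."""
        if not is_private(pkt.src):
            raise ValueError(f"{pkt.src} is not a private address; nothing to translate")
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port               # dynamically allocated outside port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[port] = key
        return Packet(self.outside, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Outside -> inside: translate only a reply that matches an existing
        mapping and comes from the peer the inside host actually talked to.
        Return None when the router would drop the packet."""
        if pkt.dst != self.outside:
            return None
        key = self.in_map.get(pkt.dport)
        if key is None:
            return None                          # unsolicited: no inside host asked for this
        inside_ip, inside_port, peer_ip, peer_port = key
        if (pkt.src, pkt.sport) != (peer_ip, peer_port):
            return None                          # right outside port, wrong peer
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port)


if __name__ == "__main__":
    nat = Nat("12.13.4.5")
    out = nat.outbound(Packet("10.0.0.5", 50000, "203.0.113.10", 80))   # constructed web request
    print("out :", out)
    print("back:", nat.inbound(Packet("203.0.113.10", 80, "12.13.4.5", out.sport)))
    print("drop:", nat.inbound(Packet("198.51.100.9", 4444, "12.13.4.5", out.sport)))
```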

Page 19: Logical Structure of the Internet Protocol Suite

(Diagram)
– Physical Layer
– ARP, RARP
– IP (Internet Addressing), with ICMP and IGMP
– Transmission Control Protocol (connection oriented): TELNET, FTP, HTTP
– User Datagram Protocol (connectionless): SNMP, DNS, TFTP

Page 20: Address Resolution Protocol (ARP)

Maps IP addresses to MAC addresses

When a host initializes on the local network:
– ARP broadcast: its IP and MAC address
– If a duplicate IP address is detected, TCP/IP fails to initialize

Address Resolution Process on the Local Network
– Is the IP address on the local network?
– ARP cache
– ARP request
– ARP reply
– ARP cache update on both machines

Page 21: ARP Operation

(Diagram) Station 129.1.1.1 broadcasts an ARP Request: “Give me the MAC address of station 129.1.1.4”. Stations B and C: “Not me”, request ignored. Station 129.1.1.4: “That’s me”, and sends an ARP Response, “Here is my MAC address”, which 129.1.1.1 accepts.
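The resolution process of the previous slide and the exchange in the diagram, as an added example (not code from the original deck): toy hosts broadcast a request for 129.1.1.4, non-matching stations ignore it, the target answers, and both caches are updated. Because an ARP reply carries no authentication, the cache also records a warning when a reply changes the MAC already stored for an address, the symptom of the duplicate-IP case mentioned above or of a spoofed reply. The MAC addresses, the `Host` class and the alert format are assumptions.

```python
"""ARP request/reply on a local network, with cache update and conflict alert (constructed example)."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
REQUEST, REPLY = 1, 2          # ARP opcodes (RFC 826)


@dataclass(frozen=True)
class Arp:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.cache = {}        # ip -> mac
        self.alerts = []       # cache entries that changed MAC

    def make_request(self, target_ip):
        """'Give me the MAC address of station <target_ip>', sent to broadcast."""
        return Arp(REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)

    def receive(self, frame_dst, pkt):
        """Handle one ARP packet delivered in a frame addressed to frame_dst.
        Return a reply if we are the target of a request, else None."""
        if frame_dst not in (self.mac, BROADCAST):
            return None                          # not for us at the frame level
        if pkt.op == REQUEST:
            if pkt.target_ip != self.ip:
                return None                      # "Not me": request ignored
            self._learn(pkt.sender_ip, pkt.sender_mac)   # target caches the asker too
            return Arp(REPLY, self.mac, self.ip, pkt.sender_mac, pkt.sender_ip)
        if pkt.op == REPLY and pkt.target_mac == self.mac:
            self._learn(pkt.sender_ip, pkt.sender_mac)   # "Here is my MAC address"
        return None

    def _learn(self, ip, mac):
        old = self.cache.get(ip)
        if old is not None and old != mac:
            # No authentication in ARP: a changed binding is all we can detect.
            self.alerts.append(f"{ip} changed from {old} to {mac}")
        self.cache[ip] = mac


def resolve(asker, stations, target_ip):
    """The local-network process: check the cache, broadcast a request,
    deliver any reply back to the asker. Return the MAC or None."""
    if target_ip in asker.cache:
        return asker.cache[target_ip]
    req = asker.make_request(target_ip)
    for station in stations:
        reply = station.receive(BROADCAST, req)
        if reply is not None:
            asker.receive(reply.target_mac, reply)   # unicast reply to the asker
    return asker.cache.get(target_ip)


if __name__ == "__main__":
    a = Host("129.1.1.1", "aa:aa:aa:aa:aa:01")      # constructed MACs
    others = [Host("129.1.1.2", "aa:aa:aa:aa:aa:02"),
              Host("129.1.1.3", "aa:aa:aa:aa:aa:03"),
              Host("129.1.1.4", "aa:aa:aa:aa:aa:04")]
    print("129.1.1.4 ->", resolve(a, others, "129.1.1.4"))
    print("cache on 129.1.1.1:", a.cache)
```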

Page 22: Address Resolution on a Remote Network

– IP address determined to be remote
– ARP resolves the MAC address of the next router on the way: the sender ARPs for its gateway, and each router in turn ARPs for the next hop
– Router uses ARP to forward the packet

(Diagram) Network A – Router – Network B

Page 23: Reverse Address Resolution Protocol (RARP)

Same packet type used as ARP

Only works on local subnets

Used for diskless workstations

(Diagram) A diskless workstation broadcasts a RARP Request: “Give me my IP address”. Stations B and C: “Not me”, request ignored. The RARP server answers with a RARP Response (129.1.1.1), which is accepted.

Page 24: The Internet Protocol (IP)

– IP’s main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.

– The functions provided by IP are:
  • Addressing
  • Routing
  • Fragmentation of datagrams

Page 25: Host Name Resolution

Standard Resolution
– Checks local name
– Local HOSTS file
– DNS server

Windows NT Specific Resolution
– NetBIOS cache
– WINS server
– b-node broadcasts
– LMHOSTS file (NetBIOS names)

Page 26: Routing Packets

– Process of moving a packet from one network to another toward its destination
– RIP, OSPF, BGP
– Dynamic routing
– Static routing
– Source routing

Page 27: Static Routing Tables

– Every host maintains a routing table
  • Use the “route” command in Linux and Windows

– Each row (or “entry”) in the routing table has the following columns:
  • (1) destination address and (2) mask
  • (3) gateway [i.e., the IP address of the host’s gateway/router]
  • (4) interface [i.e., the IP address of a host interface]
  • (5) metric [indicates the “cost” of the route; smaller is better]

– When the host wants to send a packet to a destination, it looks in the routing table to find out how
  • Each OS handles routing somewhat differently
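The lookup step above, as an added example (not code from the original deck): entries carry the five columns named on the slide, and a lookup chooses the matching route with the longest prefix, breaking ties by metric, with the 0.0.0.0/0 default route catching everything else. The table contents (a host at 192.168.1.20 with a default gateway and two routes into 10/8) are constructed for illustration.

```python
"""Host routing table lookup with longest-prefix match (constructed example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str   # (1)
    mask: str          # (2)
    gateway: str       # (3) "0.0.0.0" means directly connected, deliver on-link
    interface: str     # (4) IP address of the local interface to send from
    metric: int        # (5) cost; smaller is better

    @property
    def network(self):
        return ipaddress.ip_network(f"{self.destination}/{self.mask}", strict=False)


def lookup(table, dst):
    """Return (next_hop, interface) for dst, or None when no route matches.
    Most specific prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r.network.prefixlen, r.metric))
    next_hop = dst if best.gateway == "0.0.0.0" else best.gateway   # on-link: ARP for dst itself
    return next_hop, best.interface


def shadowed_by(table, new_route):
    """Routes whose traffic the new route would capture because it is more
    specific. Useful before adding an entry: a surprise more-specific route
    is how traffic gets quietly redirected."""
    return [r for r in table
            if r.network.prefixlen < new_route.network.prefixlen
            and new_route.network.subnet_of(r.network)]


# Constructed table for a host 192.168.1.20 on 192.168.1.0/24.
TABLE = [
    Route("0.0.0.0",     "0.0.0.0",       "192.168.1.1",   "192.168.1.20", 10),  # default
    Route("192.168.1.0", "255.255.255.0", "0.0.0.0",       "192.168.1.20", 1),   # on-link
    Route("10.0.0.0",    "255.0.0.0",     "192.168.1.254", "192.168.1.20", 20),
    Route("10.1.0.0",    "255.255.0.0",   "192.168.1.253", "192.168.1.20", 20),  # more specific
    Route("127.0.0.0",   "255.0.0.0",     "0.0.0.0",       "127.0.0.1",    1),
]

if __name__ == "__main__":
    for dst in ("192.168.1.77", "10.1.2.3", "10.2.2.3", "8.8.8.8"):
        print(f"{dst:<14} -> {lookup(TABLE, dst)}")
```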

Page 28: LAN Technologies

– Ethernet: CSMA/CD, occasionally heavy traffic, BUS topology
– ARCnet: token passing, STAR topology
– Token Ring: active monitor, IBM, RING topology
– FDDI: token passing, fast, long distance, predictable, expensive

– Media & Vulnerabilities
  • Attenuation, crosstalk, noise
  • Coax: cable failure & length limits
  • Twisted Pair (Cat 1-7): bending cable, crosstalk, noise
  • Fiber-Optic: cost, high level of expertise required to install
  • Wireless: later

Page 29: Coaxial Cable

– Two types
  • ThinNet (10Base2): 10 Mbps, 30 nodes per segment, max 185 meters (LAN)
  • ThickNet (10Base5): 10 Mbps, 100 nodes per segment, max 500 meters (Backbone)

– Insecure
  • Coax is easy to splice

Page 30: Twisted Pair Copper Cable

– Copper wire
– Twist reduces EMI
– Classified by transmission rates
  • Cat3, Cat5, Cat5e, Cat6

Page 31: Fiber-Optic Cable

– Glass core with plastic shielding
– Small, light, fragile, and expensive
– Very fast transmission rate
– Can transmit data very far
– Immune to electromagnetic interference
– Hard to splice

Page 32: Security Concerns

– Easy to insert a node or splice into the network
– Most attacks involve eavesdropping or sniffing
– Physical security
– War driving

Page 33: Network Topologies

– BUS
  • Ethernet
– RING
  • Unidirectional
  • FDDI, Token Ring
– STAR
  • A logical BUS tends to be implemented as a physical STAR
– TREE
  • Basically a complicated BUS topology
– MESH
  • Multiple computer-to-computer connections

Page 34: Hubs & Switches

– Hub:
  • Broadcasts information received on one interface to all other physical interfaces

– Switch:
  • Does not broadcast
  • Uses the MAC address to determine the correct interface

Page 35: Unswitched Devices

“Dumb” Devices (forward all packets)
– Layer 1 = Hub, Repeater
  • Technically, a passive hub passes signals without regenerating them; a repeater (and an active hub) regenerates them
– Layer 2 = Bridge
  • Connects different types of LANs (e.g., Ethernet and ATM, but not Token Ring if you’re lucky)

“Intelligent” Devices (decide whether to forward packets)
– Layer 3 = Router
  • Uses a routing table to make decisions
  • Improved performance and security
– Layer 2/3 = Bridge/Router

Page 36: Switches

– Layer 2 = data link layer (MAC address) = + over hubs/repeaters
  • Systems only see traffic they are supposed to see
  • Unswitched versus switched (full duplex) 10 and 100 Mb Ethernet = about 40% of bandwidth usable versus 95%+ (no collisions)

– Layer 3 = network layer (IP address) = + over routers
  • Routers moved to the periphery
  • Virtual LANs (VLANs) become viable

– Layer 4 = transport layer (TCP/UDP/ICMP headers) = + over L3
  • Firewall functionality (i.e., packet filtering)
  • Significantly more expensive

– Layer 5 = session layer and above (URLs) = + over L4 for clusters
  • Application proxy functionality (but MUCH faster than proxies)
  • Special function, cutting-edge = significant specific performance gains
  • 1999/2000: researchers (from IBM & Lucent) designed a layer 5 switch as front-end to a load-balanced 3-node cluster running AIX and Apache: 220% performance increase due to content partitioning, 600% performance increase due to SSL session reuse

Page 37: Firewalls

– Control the flow of traffic between networks
– Internal, External, Server, Client firewalls
– Traditional packet filters
– Stateful packet filters
– Proxy-based firewalls

Page 38: Traditional Packet Filters

– Analyzes each packet in isolation to determine drop or pass
– Fields examined: Source IP, Destination IP, SrcPort, DestPort, Code bits (TCP flags), Protocol, Interface
– Very limited view of traffic

Action | Source  | Destination | Protocol | SrcPort | DestPort | Codebits
Allow  | Inside  | Outside     | TCP      | Any     | 80       | Any
Allow  | Outside | Inside      | TCP      | 80      | >1023    | ACK
Deny   | All     | All         | All      | All     | All      | All

Page 39: Stateful Packet Filters

– Adds memory of previous packets to traditional packet filters
– When a packet is part of an initial connection (SYN), it is remembered
– Other packets are analyzed according to the previously seen connections
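The rule table of the previous slide and the connection memory described above, as an added example (not code from the original deck): `stateless_filter` applies the three rules literally, `StatefulFilter` remembers the inside SYN and judges later packets against it. Running both over the same constructed packets shows what “very limited view of traffic” means in practice: an outside host sending an ACK-flagged segment from port 80 to a high port is accepted by rule 2 because it looks like a web reply, while the stateful filter drops it because no inside host ever opened that connection. The addresses, the `Pkt` class and the “Inside” prefix test are assumptions for illustration.

```python
"""Stateless rule table versus stateful connection tracking (constructed example)."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."     # toy test for "Inside"; a real filter uses interface and subnet


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: frozenset          # subset of {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def side(ip):
    return "Inside" if ip.startswith(INSIDE_PREFIX) else "Outside"


def stateless_filter(p):
    """The slide's three rules, evaluated top to bottom on one packet at a time."""
    out = side(p.src) == "Inside" and side(p.dst) == "Outside"
    inb = side(p.src) == "Outside" and side(p.dst) == "Inside"
    if out and p.proto == "TCP" and p.dport == 80:
        return "Allow"                       # Allow Inside -> Outside TCP any -> 80
    if inb and p.proto == "TCP" and p.sport == 80 and p.dport > 1023 and "ACK" in p.flags:
        return "Allow"                       # Allow Outside -> Inside TCP 80 -> >1023, ACK set
    return "Deny"                            # Deny all


class StatefulFilter:
    """Remember the inside SYN, then judge every later packet against it.
    Not shown: expiring entries on FIN/RST or after an idle timeout."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) for connections the inside opened
        self.connections = set()

    def check(self, p):
        if p.proto != "TCP":
            return "Deny"
        if side(p.src) == "Inside" and side(p.dst) == "Outside" and p.dport == 80:
            conn = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.connections.add(conn)   # initial SYN: remember the connection
            elif conn not in self.connections:
                return "Deny"                # mid-stream packet for a connection never opened
            return "Allow"
        if side(p.src) == "Outside" and side(p.dst) == "Inside":
            conn = (p.dst, p.dport, p.src, p.sport)
            return "Allow" if conn in self.connections else "Deny"
        return "Deny"


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.check(p)) for p in packets]


if __name__ == "__main__":
    inside, web, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.9"   # constructed
    sample = [
        Pkt(inside, web, "TCP", 40000, 80, frozenset({"SYN"})),         # browser opens a connection
        Pkt(web, inside, "TCP", 80, 40000, frozenset({"SYN", "ACK"})),  # legitimate reply
        Pkt(attacker, inside, "TCP", 80, 40001, frozenset({"ACK"})),    # unsolicited, ACK set
        Pkt(attacker, inside, "TCP", 4444, 22, frozenset({"SYN"})),     # inbound SSH attempt
    ]
    for p, (a, b) in zip(sample, compare(sample)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)}  stateless={a} stateful={b}")
```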

Page 40: Proxy-based (Application) Firewalls

– Focus on application-to-application traffic
– Can approve:
  • By user
  • By application
  • By source or destination
– Mom calls, wife answers, etc. (the proxy sits in the middle and speaks to the outside on the client’s behalf)

Page 41: Firewall Architectures

– Packet-Filtering Routers
  • Oldest type, sits between “trusted” & “untrusted” networks
– Screened-Host Firewalls
  • Screening router between the untrusted network and a single trusted (bastion) host
– Dual-Homed Host Firewalls
  • Two NICs, control of IP forwarding between them, NAT
– Screened-Subnet Firewalls
  • Two screening routers, one on each side of the bastion host
  • DMZ

Page 42: Security

– Encryption: symmetric vs asymmetric, hash codes

– Application Layer
  • PGP, GnuPG, S/MIME, SSH

– Session Layer: Secure Socket Layer (SSL)
  • Digital certificates to authenticate systems and distribute encryption keys
  • Transport Layer Security (TLS), SSL’s successor

– Network (IP) Layer Security (IPSec)
  • AH: integrity and data-origin authentication of the whole packet using a keyed hash (a MAC, not a digital signature); no confidentiality
  • ESP: confidentiality, authentication of data source, integrity

Page 43: IPSec Authentication Header (AH)

(Header layout)
Next Header | Payload Length | Reserved
Security Parameters Index (SPI)
Sequence Number Field
Authentication Data (variable number of 32 bit words)

Page 44: IPSec: Encapsulating Security Payload (ESP)

(Header layout)
Security Parameters Index (SPI)
Sequence Number Field
Opaque (encrypted) Data, variable length
Padding
Pad Length | Next Header
Authentication Data

Page 45: Introduction to the TCP/IP Standard Applications

– DHCP: provides for management of IP parameters.
– TELNET: provides remote terminal emulation.
– FTP: provides a file transfer protocol.
– TFTP: provides for a simple file transfer protocol.
– SSH: encrypted remote terminal & file transfer.
– SMTP: provides a mail service.
– DNS: provides for a name service.

Page 46: DHCP Operation

(Diagram) A DHCP client with two DHCP servers, A and B, on the segment:
– Client → FF:FF:FF:FF:FF:FF (broadcast): DHCP Discover
– Server A → Client: DHCP Offer (IP addr)
– Server B → Client: DHCP Offer (IP addr)
– Client → broadcast: DHCP Request (A)
– Server A → Client: DHCP ACK

Page 47: TELNET

(Diagram) A TELNET client on one host connects to the TELNET server on a remote host.

Page 48: File Transfer Protocol (FTP)

(Diagram) Client ↔ Host ↔ Storage. (TFTP uses UDP.)

Page 49: Simple Mail Transfer Protocol (SMTP)

– Basic RFCs: 821, 822, 974.
– Very fast and capable of delivery guarantee depending on client & server.
– Primary protocols used for today’s email:
  • SMTP: operates over TCP, used primarily as the send protocol
  • POP: operates over TCP, basic receive protocol
  • IMAP: allows remote storage
  • Exchange: calendar, contacts, storage, news
  • HTTP: web interface

– Problems:
  • Phishing, viruses, no built-in protections against “stupidity”
  • Client software glitches

Page 50: Post Office Protocol (POP)

– SMTP is set up to send and receive mail between hosts that are up full time.
  • No rules for hosts that are only intermittently on the LAN
– POP emulates you as a host on the network.
  • It receives SMTP mail for you to retrieve later
– POP accounts are set up for you by an ISP or your company.
– POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account.

Page 51: POP Operation

(Exchange between POP Client and POP Server)
– Client: TCP port 110 connection attempt → Server: “POP3 server ready” reply
– Server waits for authentication; Client sends authentication → Server processes it and, if okay, enters the transaction state: lock mailbox for user, assign message numbers
– Client retrieves all messages → Server sends messages, deletes (possibly) messages
– Client sends QUIT command → Server: quit received, perform update on mailbox
– Session closed; Client reads messages locally

Page 52: SMTP, DNS, and POP Topology

(Diagram) Your PC sends mail by SMTP to your ISP’s POP3/SMTP server (mailboxes mnaugle, user1, user2) and retrieves mail from it by POP3. Your ISP’s SMTP server relays across the Internet, consulting DNS (up to the root DNS), to the remote ISP’s SMTP/POP server, where Joe’s mailbox lives; Joe’s PC sends mail through and retrieves mail from that POP server.

Page 53: IPv6

– IPv6 features:
  • 128-bit address space
  • 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
  • ARP not used; replaced by the Neighbor Discovery Protocol

– IPv6 addressing:
  • Unicast: a one-to-one IP transfer
  • Multicast: a one-to-many-but-not-all transfer (every member of the group receives it)
  • Anycast: a one-to-one-of-many transfer (delivered to the nearest member of the group)
  • No broadcast

Page 54: References

– RFCs:
  • 1180: A TCP/IP Tutorial
  • 1812: Requirements for IP Version 4 Routers
  • 1122: Requirements for Internet Hosts -- Communication Layers
  • 1123: Requirements for Internet Hosts -- Application and Support
  • 826: An Ethernet Address Resolution Protocol
  • 791: Internet Protocol
  • 950: Internet Standard Subnetting Procedure
  • 1700: Assigned Numbers
– TCP/IP 24/7 (ISBN: 0782125093)
– MCSE TCP/IP for Dummies: Cameron Brandon
– Illustrated TCP/IP: Matthew Naugle