CS363 Week 10 - Monday

Week 10 - Monday. What did we talk about last time? Inference Multilevel databases

Last time

What did we talk about last time?
  Inference
  Multilevel databases

Questions?

Project 3

Assignment 4

Security Presentation
Graham Welsh

Network Basics

Packet switched

The Internet is a packet switched system
This means that individual pieces of data (called packets) are sent on the network
  Each packet knows where it is going
  A collection of packets going from point A to point B might not all travel the same route

[Figure: network diagram with nodes A, B, C and D and labels 1 and 2]

Circuit switched

Phone lines are circuit switched
This means that a specific circuit is set up for a specific communication
  Operators used to do this by hand
  Now it is done automatically
Only one path for data

[Figure: network diagram with nodes A, B and C and label 1]

Circuit vs. packet switching

Which one is faster?
  Circuit switching
Which one is more predictable?
  Circuit switching
So, why is the Internet packet switched?
  More adaptable

ARPA

The Advanced Research Projects Agency was created in 1958 to respond to the Russians launching Sputnik

The ARPANET connected its first two major nodes over 10 years later

Packet switching was used so that the network could still communicate after a nuclear strike

Network strength

If a single cut can cause a network to go down, that network is vulnerable to a single point of failure
Most important networks like electrical systems have redundancy so that this doesn’t happen to a whole city
  Resilience or fault tolerance

Terminology

A computer network is at least two computers connected together
  Often one is a server and the other is a client
A computer system in a network is called a node
The processor in a node is called a host
A connection between two hosts is a link

Network characteristics

Anonymity: We don’t know who we’re dealing with

Automation: Communication may be entirely between machines without human supervision

Distance: Communications are not significantly impacted by distance

Opaqueness: It is hard to tell how far away other users are and to be sure that someone claiming to be the same user as before is

Shape and size

The arrangement of a network, in terms of its links, is called its topology
The boundary separates systems that are on a network from those that are not
  With the Internet, this line is blurry
It is hard to know who owns hosts in a network
  Makes enforcing the law difficult
How is a network controlled? Who does it?

Communication

Analog or digital
  A modem converts between the two
  Portmanteau of “modulator-demodulator”
Copper wire is the main workhorse
  Twisted pair is a pair of insulated copper wires
    Limit of about 10 Mbps and about 300 feet without a boost
  Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
    Repeaters or amplifiers are needed periodically to prevent signal degradation

Other media

Optical fiber
  Carries light instead of electricity
  Higher bandwidth and less signal degradation than copper
  Replacing aging copper lines
Wireless
  Good for short distance
  Uses radio signals
Microwave
  Strong signals
  Requires line of sight
Infrared
  Similar to microwave but weaker signals
Satellites
  Need geosynchronous orbits
  Secure applications need smaller footprints than broadcasts

Protocols

There are many different communication protocols

The OSI reference model is an idealized model of how different parts of communication can be abstracted into 7 layers

Imagine that each layer is talking to another parallel layer called a peer on another computer

Only the physical layer is a real connection between the two

Application

Presentation

Session

Transport

Network

Data Link

Physical

Layers

Protocols and standards define each layer
Not every layer is always used
Sometimes user errors are referred to as Layer 8 problems

Layer  Name          Activity                                                         Example
7      Application   User-level data                                                  HTTP
6      Presentation  Data appearance, some encryption                                 SSL
5      Session       Sessions, sequencing, recovery                                   IPC and part of TCP
4      Transport     Flow control, end-to-end error detection                         TCP
3      Network       Routing, blocking into packets                                   IP
2      Data Link     Data delivery, packets into frames, transmission error recovery  Ethernet
1      Physical      Physical communication, bit transmission                         Electrons in copper

TCP/IP

The OSI model is conceptual
Most network communication uses TCP/IP
We can view TCP/IP as four layers:

Layer        Action                        Responsibilities                           Protocol
Application  Prepare messages              User interaction                           HTTP, FTP, etc.
Transport    Convert messages to packets   Sequencing, reliability, error correction  TCP or UDP
Internet     Convert packets to datagrams  Flow control, routing                      IP
Physical     Transmit datagrams as bits    Data communication

TCP/IP

Transmission Control Protocol (TCP)
  Creates a reliable communication session
  Wraps information into packets
  Uses port numbers to connect processes to information streams
Internet Protocol (IP)
  Allows for unreliable transport
  Wraps packets into datagrams
  Uses IP addresses for routing
User Datagram Protocol (UDP)
  Alternative to TCP that is unreliable but has low overhead

Addressing

A message datagram is sent to a domain name such as google.com

The Domain Name System (DNS) converts google.com into an IP address such as 74.125.226.229

The server at 74.125.226.229 receives the datagram and unwraps the corresponding packet

The packet has a port number (probably port 80, for HTTP) and is delivered to whatever program is communicating on that port
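
The steps on this slide can be traced in code. The following Python sketch is an added example, not part of the original slides: it wraps a message in a TCP packet and an IPv4 datagram, then unwraps it and hands the data to the program bound to the destination port. DNS_TABLE stands in for a real DNS lookup; the source address, ports and listener names are constructed, and checksums are left at zero.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options
DNS_TABLE = {"google.com": "74.125.226.229"}  # stand-in for DNS, value from the slide

def build_datagram(src_ip, name, src_port, dst_port, payload):
    """Sender side: wrap the message in a TCP packet, then in an IP datagram."""
    dst_ip = DNS_TABLE[name]  # domain name -> IP address
    # Checksums are left at 0 to keep the example short (constructed data).
    tcp = struct.pack(TCP_FMT, src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    packet = tcp + payload
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(packet), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + packet

def unwrap(datagram):
    """Receiver side: strip the IP header, then the TCP header."""
    if len(datagram) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, datagram[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length is stored in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(datagram):
        raise ValueError("malformed IPv4 header")
    if proto != 6:
        raise ValueError("payload is not TCP")
    packet = datagram[ihl:total]
    if len(packet) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off, _, _, _, _ = struct.unpack(TCP_FMT, packet[:20])
    data_off = (off >> 4) * 4
    if not 20 <= data_off <= len(packet):
        raise ValueError("malformed TCP header")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "src_port": sport, "dst_port": dport, "data": packet[data_off:]}

def deliver(datagram, listeners):
    """Hand the data to whichever program is bound to the destination port."""
    fields = unwrap(datagram)
    return listeners.get(fields["dst_port"]), fields["data"]

# Constructed sample: a client at 192.0.2.10 sends an HTTP request to google.com.
SAMPLE = build_datagram("192.0.2.10", "google.com", 49152, 80, b"GET / HTTP/1.1\r\n\r\n")
```

Calling deliver(SAMPLE, {80: "web server"}) returns the listener name and the request bytes; a datagram for a port with no listener returns None for the program.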

Types of Networks

Local area network (LAN)
  Small: Often not more than 100 users within 2 miles
  Locally controlled
  Physically protected
  Limited scope
Wide area network (WAN)
  One organization controls it
  Covers a large distance
  Physically exposed
Internetworks
  A connection of two or more separate networks
  The most significant is the Internet
    Enormous
    Heterogeneous
    Physically and logically exposed

Network Threats

Why is a network vulnerable?

Anonymity
Many points of attack (targets and origins)
Sharing
Complexity
Unknown perimeter

Why do people attack networks?

Challenge
Fame
Money
State espionage
Industrial espionage
Organized crime
  Stolen credit card numbers
  Identity theft
Ideology
  Hacktivist groups like Anonymous
  Cyberterrorism from al Qaeda and similar groups

Kevin Mitnick
Once the most wanted computer criminal in the US

Reconnaissance

Reconnaissance

A smart attacker learns everything he or she can about the system before attacking it
Useful methods for reconnaissance of a network include:
  Port scans
  Social engineering
  Dumpster diving
  OS and application fingerprinting
  Background research

Port scan

Many targeted systems include servers that are always listening on various ports, waiting for communication
A port scanner is a program that tries to connect on many interesting ports to see what kinds of communication the server is ready to do
If a server is poorly configured, it might be listening on ports even the administrators don’t know about
Common free port scanners:
  nmap
  netcat
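
Administrators can find listeners they do not know about from the inside, by auditing the host's own socket table. This added example (not from the original slides) parses constructed output in the format of `ss -tln` and compares it against an assumed set of intended ports, EXPECTED; the sample lines and port choices are hypothetical.

```python
import ipaddress

# Constructed sample in the format printed by `ss -tln` on Linux.
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       244     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       *:8009              *:*
LISTEN  0       100     [::1]:25            [::]:*
"""

EXPECTED = {22, 80}  # assumption: the ports the administrators mean to expose

def parse_listeners(text):
    """Return a list of (address, port) pairs, one per LISTEN line."""
    listeners = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # header line or a socket in another state
        addr, _, port = cols[3].rpartition(":")  # split on the last colon (IPv6-safe)
        addr = addr.strip("[]").split("%")[0]    # drop brackets and any %interface
        listeners.append((addr, int(port)))
    return listeners

def audit(text, expected):
    """Return (unexpected network-reachable ports, loopback-only ports)."""
    exposed, loopback = set(), set()
    for addr, port in parse_listeners(text):
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            loopback.add(port)
        else:
            exposed.add(port)  # wildcard or a routable address
    return sorted(exposed - set(expected)), sorted(loopback - exposed)

if __name__ == "__main__":
    unexpected, local_only = audit(SS_OUTPUT, EXPECTED)
    print("unexpected reachable ports:", unexpected)
    print("loopback-only ports:", local_only)
```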

Social engineering

Social engineering means techniques used to get a human being to unknowingly divulge information to an outsider
Often this is done by posing as tech support or some kind of contractor
Attackers can pretend to be someone from another department
Most employees have been trained to be reluctant to give up their passwords
  However, they will often reveal their IP address, OS information, and other useful pieces of system information

Gathering more intelligence

Port scans and social engineering can tell a lot
Dumpster diving or going through trash can tell a lot as well
  You can learn which pieces of hardware have been bought by their packaging
  Phone lists or organization charts could be in the trash
  Diagrams, notes, even passwords could be written on scraps of paper
  Old hard drives with sensitive information could turn up
For high level attacks, real spying is possible

OS and application fingerprinting

Port scanning gives a lot of information
  For example, port 80 is used for HTTP
But you may want to know which OS or application is actually listening at a port
  Vulnerabilities are often system-dependent
Some applications will reveal themselves directly
Others will give more information if you ask for a feature that is unavailable or give a bad command
You are being fingerprinted when you visit websites
  Your browser identifies which browser it is
  You can hide this information, but your web pages might look weird

Documentation and hacking tips

How do you actually do the attack?
Same as everything else: Google
Once you know the system you are attacking, you can search the Internet and security blogs and boards for vulnerabilities
Because networking is often between different kinds of systems running different kinds of software, features are well-documented
Most big viruses and worms use publicly known vulnerabilities that haven’t been patched

Eavesdropping

Eavesdropping and wiretapping

Eavesdropping means overhearing private information without much effort
  Administrators need to periodically monitor network traffic
Wiretapping implies that more effort is being used to overhear information
  Passive wiretapping is only listening to information
  Active wiretapping means that you may be adding or changing information in the stream

Cable wiretapping

If you are on the same LAN, you can use a packet sniffer to analyze packets
  Packets are constantly streaming by, and your computer usually only picks up those destined for it
  Passwords are often sent in the clear
  Wireshark is a free, popular packet sniffer
Cable modems are filters that give you only the data you need
  Sophisticated attackers can tap into a cable network
  Data is supposed to be encrypted, but many networks don’t turn encryption on
Inductance is a property that can allow you to measure the signals inside of a wire without a direct physical connection
Using inductance or physically connecting to a wire changes its impedance, which can be (but usually is not) measured
Signals are often multiplexed, sharing media with other signals, which can increase the sophistication needed to wiretap

Wireless eavesdropping

Wireless networks are easy to disrupt, but attackers usually have little to gain by this
Since they are broadcast, it is not difficult to intercept the signal
  Special antennas can receive the signal from a longer distance than usual
Some networks are entirely unencrypted
WEP is almost completely broken
WPA and WPA2 have vulnerabilities that can be exploited in some cases

Other media

Microwave is easy to intercept
  Long distance phone can use microwaves
  Cell phones can use microwaves
One difficulty with making use of the intercepted signal is that microwave signals are heavily multiplexed, making it hard to untangle individual signals
Satellites are similar (unsecure but heavily multiplexed)
Optical fiber is very difficult to tap
  Cutting a single fiber means recalibrating the network
  Repeaters and taps that connect the fiber are the best places to attack

Upcoming

Next time…

More on network threats
Network security controls
Cody Kump presents

Reminders

Read Sections 7.2 and 7.3
Work on Assignment 4
  Due on Friday
Study for Exam 2
  Next Monday