CS363 Week 10 - Monday
Last time
What did we talk about last time?
  Inference
  Multilevel databases
Questions?
Project 3
Assignment 4
Security Presentation: Graham Welsh
Network Basics
Packet switched
The Internet is a packet switched system
This means that individual pieces of data (called packets) are sent on the network
Each packet knows where it is going
A collection of packets going from point A to point B might not all travel the same route
[Diagram: nodes A, B, C, D, with packets 1 and 2 taking different routes from A to B]
Circuit switched
Phone lines are circuit switched
This means that a specific circuit is set up for a specific communication
Operators used to do this by hand
Now it is done automatically
Only one path for data
[Diagram: nodes A, B, C, with a single circuit from A to B]
Circuit vs. packet switching
Which one is faster? Circuit switching
Which one is more predictable? Circuit switching
So, why is the Internet packet switched? More adaptable
ARPA
The Advanced Research Projects Agency was created in 1958 to respond to the Russians launching Sputnik
The ARPANET connected its first two major nodes over 10 years later
Packet switching was used so that the network could still communicate after a nuclear strike
Network strength
If a single cut can cause a network to go down, that network is vulnerable to a single point of failure
Most important networks, like electrical systems, have redundancy so that this doesn’t happen to a whole city
  Resilience or fault tolerance
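As an added example (not part of the lecture slides), the single-point-of-failure idea can be checked mechanically: model the topology as a list of links, then test whether removing any one link alone cuts a source off from a destination. The topology below is constructed for illustration and is not the slide's diagram; A reaches B by two disjoint paths, while E hangs off B by one link.

```python
# Added example (not from the lecture slides): find single points of failure in a
# small packet-switched topology and count the alternate routes between two nodes.
from collections import deque

# Constructed topology (not the slide's diagram): A-C-B and A-D-B are two
# independent routes; E is attached to B by a single link.
LINKS = [("A", "C"), ("C", "B"), ("A", "D"), ("D", "B"), ("B", "E")]


def build_graph(links):
    """Undirected adjacency sets built from (node, node) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def reachable(graph, src, dst):
    """Breadth-first search: is there any path at all from src to dst?"""
    seen = {src}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(links, src, dst):
    """Links whose removal, on its own, leaves src unable to reach dst."""
    spofs = []
    for i, link in enumerate(links):
        remaining = links[:i] + links[i + 1:]
        if not reachable(build_graph(remaining), src, dst):
            spofs.append(link)
    return spofs


def alternate_routes(links, src, dst):
    """Number of distinct simple paths from src to dst: the routes packets could take."""
    graph = build_graph(links)

    def walk(node, visited):
        if node == dst:
            return 1
        return sum(walk(n, visited | {n}) for n in graph.get(node, ()) if n not in visited)

    return walk(src, {src})


if __name__ == "__main__":
    print("routes A->B:", alternate_routes(LINKS, "A", "B"))
    print("SPOFs  A->B:", single_points_of_failure(LINKS, "A", "B"))
    print("SPOFs  A->E:", single_points_of_failure(LINKS, "A", "E"))
```

For A to B the list of single points of failure is empty because a second route always remains; for A to E the link B-E is reported, which is exactly the redundancy gap a resilient design would close with a second link.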
Terminology
A computer network is at least two computers connected together
  Often one is a server and the other is a client
A computer system in a network is called a node
The processor in a node is called a host
A connection between two hosts is a link
Network characteristics
Anonymity: We don’t know who we’re dealing with
Automation: Communication may be entirely between machines without human supervision
Distance: Communications are not significantly impacted by distance
Opaqueness: It is hard to tell how far away other users are, or to be sure that someone claiming to be the same user as before really is that user
Shape and size
The arrangement of a network, in terms of its links, is called its topology
The boundary separates systems that are on a network from those that are not
  With the Internet, this line is blurry
It is hard to know who owns hosts in a network
  Makes enforcing the law difficult
How is a network controlled? Who does it?
Communication
Analog or digital
  A modem converts between the two
  Portmanteau of “modulator-demodulator”
Copper wire is the main workhorse
  Twisted pair is a pair of insulated copper wires
    ▪ Limit of about 10 Mbps and about 300 feet without a boost
  Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire
    ▪ Repeaters or amplifiers are needed periodically to prevent signal degradation
Other media
Optical fiber
  Carries light instead of electricity
  Higher bandwidth and less signal degradation than copper
  Replacing aging copper lines
Wireless
  Good for short distance
  Uses radio signals
Microwave
  Strong signals
  Requires line of sight
Infrared
  Similar to microwave but weaker signals
Satellites
  Need geosynchronous orbits
  Secure applications need smaller footprints than broadcasts
Protocols
There are many different communication protocols
The OSI reference model is an idealized model of how different parts of communication can be abstracted into 7 layers
Imagine that each layer is talking to another parallel layer called a peer on another computer
Only the physical layer is a real connection between the two
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layers
Protocols and standards define each layer
Not every layer is always used
Sometimes user errors are referred to as Layer 8 problems

Layer  Name          Activity                                                         Example
7      Application   User-level data                                                  HTTP
6      Presentation  Data appearance, some encryption                                 SSL
5      Session       Sessions, sequencing, recovery                                   IPC and part of TCP
4      Transport     Flow control, end-to-end error detection                         TCP
3      Network       Routing, blocking into packets                                   IP
2      Data Link     Data delivery, packets into frames, transmission error recovery  Ethernet
1      Physical      Physical communication, bit transmission                         Electrons in copper
TCP/IP
The OSI model is conceptual
Most network communication uses TCP/IP
We can view TCP/IP as four layers:

Layer        Action                        Responsibilities                           Protocol
Application  Prepare messages              User interaction                           HTTP, FTP, etc.
Transport    Convert messages to packets   Sequencing, reliability, error correction  TCP or UDP
Internet     Convert packets to datagrams  Flow control, routing                      IP
Physical     Transmit datagrams as bits    Data communication
TCP/IP
Transmission Control Protocol (TCP)
  Creates a reliable communication session
  Wraps information into packets
  Uses port numbers to connect processes to information streams
Internet Protocol (IP)
  Allows for unreliable transport
  Wraps packets into datagrams
  Uses IP addresses for routing
User Datagram Protocol (UDP)
  Alternative to TCP that is unreliable but has low overhead
Addressing
A message datagram is sent to a domain name such as google.com
The Domain Name System (DNS) converts google.com into an IP address such as 74.125.226.229
The server at 74.125.226.229 receives the datagram and unwraps the corresponding packet
The packet has a port number (probably port 80, for HTTP), which is delivered to whatever program is communicating on port 80
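The wrapping and unwrapping described in the TCP/IP and Addressing slides, as an added example that is not part of the lecture: the transport layer puts the port numbers on a TCP segment, the Internet layer puts the IP addresses on a datagram around it, and the receiving host peels both off and hands the payload to whichever program is bound to the destination port. The addresses, payload and the `LISTENERS` table are constructed; the TCP checksum is left at zero because computing it needs a pseudo-header that this example does not cover.

```python
# Added example (not from the lecture slides): build and unwrap a minimal IPv4
# datagram carrying a TCP segment, then dispatch on the destination port.
import socket
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_HEADER = "!HHIIBBHHH"        # 20-byte TCP header without options


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words, as the IPv4 header checksum uses."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def wrap(src_ip, dst_ip, src_port, dst_port, payload):
    """Transport layer wraps the payload in a TCP segment; the Internet layer
    wraps that segment in an IP datagram addressed for routing."""
    # seq/ack 0, data offset 5 words, flags PSH|ACK, window 65535, checksum 0, urgent 0
    tcp = struct.pack(TCP_HEADER, src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip = struct.pack(IPV4_HEADER, 0x45, 0, total_len, 0, 0x4000, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in the checksum
    return ip + tcp


def unwrap(datagram):
    """Receiving host: verify the IP header, then peel off IP and TCP to recover
    addresses, ports and the application payload."""
    fields = struct.unpack(IPV4_HEADER, datagram[:20])
    ihl = (fields[0] & 0x0F) * 4
    if ipv4_checksum(datagram[:ihl]) != 0:      # a correct header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if fields[6] != socket.IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    tcp = datagram[ihl:fields[2]]                # fields[2] is the total length
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "src_ip": socket.inet_ntoa(fields[8]),
        "dst_ip": socket.inet_ntoa(fields[9]),
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": tcp[data_offset:],
    }


# Constructed stand-in for the OS table of programs listening on ports.
LISTENERS = {80: "httpd", 22: "sshd"}


def deliver(datagram):
    """Hand the payload to the program bound to the destination port, or None
    if nothing is listening (a real host would answer with a TCP reset)."""
    info = unwrap(datagram)
    program = LISTENERS.get(info["dst_port"])
    if program is None:
        return None
    return program, info["payload"]


if __name__ == "__main__":
    d = wrap("10.0.0.5", "74.125.226.229", 40000, 80, b"GET / HTTP/1.1\r\n")
    print(unwrap(d))
    print(deliver(d))
```

Running the block shows the same 16-byte request coming out of `deliver` tagged for `httpd`, while a datagram aimed at a port with no listener produces nothing: the IP address got it to the host, but the port is what selects a program.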
Types of Networks
Local area network (LAN)
  Small: Often not more than 100 users within 2 miles
  Locally controlled
  Physically protected
  Limited scope
Wide area network (WAN)
  One organization controls it
  Covers a large distance
  Physically exposed
Internetworks
  A connection of two or more separate networks
  The most significant is the Internet
    ▪ Enormous
    ▪ Heterogeneous
    ▪ Physically and logically exposed
Network Threats
Why is a network vulnerable?
  Anonymity
  Many points of attack (targets and origins)
  Sharing
  Complexity
  Unknown perimeter
Why do people attack networks?
  Challenge
  Fame
  Money
    ▪ State espionage
    ▪ Industrial espionage
    ▪ Organized crime
    ▪ Stolen credit card numbers
    ▪ Identity theft
  Ideology
    ▪ Hacktivist groups like Anonymous
    ▪ Cyberterrorism from al Qaeda and similar groups
Kevin Mitnick: Once the most wanted computer criminal in the US
Reconnaissance
A smart attacker learns everything he or she can about the system before attacking it
Useful methods for reconnaissance of a network include:
  Port scans
  Social engineering
  Dumpster diving
  OS and application fingerprinting
  Background research
Port scan
Many targeted systems include servers that are always listening on various ports, waiting for communication
A port scanner is a program that tries to connect on many interesting ports to see what kinds of communication the system is ready to do
If a server is poorly configured, it might be listening on ports even the administrators don’t know about
Common free port scanners:
  nmap
  netcat
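The administrator's side of the port-scan slide, as an added example that is not part of the lecture: a scan looks like one source touching many distinct ports on one host in a short time, most of them refused because nothing is listening. The records below are constructed in a simple firewall-log shape, and the window and port-count thresholds are assumptions a real deployment would tune.

```python
# Added example (not from the lecture slides): flag port-scan behaviour in
# connection-attempt records with a sliding time window per source/destination pair.
from collections import defaultdict
from datetime import datetime

# Constructed log lines: "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <result>"
LOG = """\
2024-03-01T10:00:01 203.0.113.9 -> 192.0.2.10:22 refused
2024-03-01T10:00:01 203.0.113.9 -> 192.0.2.10:23 refused
2024-03-01T10:00:02 203.0.113.9 -> 192.0.2.10:25 refused
2024-03-01T10:00:02 203.0.113.9 -> 192.0.2.10:80 accepted
2024-03-01T10:00:03 203.0.113.9 -> 192.0.2.10:110 refused
2024-03-01T10:00:03 203.0.113.9 -> 192.0.2.10:143 refused
2024-03-01T10:00:04 203.0.113.9 -> 192.0.2.10:443 accepted
2024-03-01T10:00:04 203.0.113.9 -> 192.0.2.10:3306 refused
2024-03-01T10:00:05 203.0.113.9 -> 192.0.2.10:8080 refused
2024-03-01T10:00:05 203.0.113.9 -> 192.0.2.10:8443 refused
2024-03-01T10:00:07 198.51.100.4 -> 192.0.2.10:80 accepted
2024-03-01T10:00:09 198.51.100.4 -> 192.0.2.10:80 accepted
2024-03-01T10:00:15 198.51.100.4 -> 192.0.2.10:443 accepted
"""


def parse(lines):
    """Turn log lines into (timestamp, src_ip, dst_ip, dst_port, result) tuples."""
    events = []
    for line in lines.splitlines():
        ts, src, _, dst, result = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        events.append((datetime.fromisoformat(ts), src, dst_ip, int(dst_port), result))
    return events


def detect_scans(events, window_seconds=60, min_ports=8):
    """Return {(src, dst_ip): (distinct_ports, refused_count)} for every source
    that reached >= min_ports distinct ports on one host inside window_seconds.
    Thresholds are assumed values for illustration."""
    by_pair = defaultdict(list)
    for ts, src, dst_ip, port, result in sorted(events):
        by_pair[(src, dst_ip)].append((ts, port, result))

    alerts = {}
    for pair, attempts in by_pair.items():
        best = None
        start = 0
        for end in range(len(attempts)):
            # advance the window start until it fits inside window_seconds
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            window = attempts[start:end + 1]
            ports = {p for _, p, _ in window}
            if len(ports) >= min_ports and (best is None or len(ports) > best[0]):
                refused = sum(1 for _, _, r in window if r == "refused")
                best = (len(ports), refused)
        if best is not None:
            alerts[pair] = best
    return alerts


if __name__ == "__main__":
    for (src, dst), (ports, refused) in detect_scans(parse(LOG)).items():
        print(f"possible scan: {src} -> {dst}: {ports} ports, {refused} refused")
```

The ordinary web client (198.51.100.4) never trips the rule because it only ever talks to the two ports it actually uses; the scanner is reported with ten distinct ports and eight refusals, and that refused-to-accepted ratio is the signal worth alerting on, since it also reveals which ports the host was unexpectedly listening on.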
Social engineering
Social engineering means techniques used to get a human being to unknowingly divulge information to an outsider
Often this is done by posing as tech support or some kind of contractor
Attackers can pretend to be someone from another department
Most employees have been trained to be reluctant to give up their passwords
  However, they will often reveal their IP address, OS information, and other useful pieces of system information
Gathering more intelligence
Port scans and social engineering can tell a lot
Dumpster diving or going through trash can tell a lot as well
  You can learn which pieces of hardware have been bought by their packaging
  Phone lists or organization charts could be in the trash
  Diagrams, notes, even passwords could be written on scraps of paper
  Old hard drives with sensitive information could turn up
For high level attacks, real spying is possible
OS and application fingerprinting
Port scanning gives a lot of information
  For example, port 80 is used for HTTP
But you may want to know which OS or application is actually listening at a port
  Vulnerabilities are often system-dependent
Some applications will reveal themselves directly
Others will give more information if you ask for a feature that is unavailable or give a bad command
You are being fingerprinted when you visit websites
  Your browser identifies which browser it is
  You can hide this information, but your web pages might look weird
Documentation and hacking tips
How do you actually do the attack?
  Same as everything else: Google
Once you know the system you are attacking, you can search the Internet and security blogs and boards for vulnerabilities
Because networking is often between different kinds of systems running different kinds of software, features are well-documented
Most big viruses and worms use publicly known vulnerabilities that haven’t been patched
Eavesdropping
Eavesdropping and wiretapping
Eavesdropping means overhearing private information without much effort
  Administrators need to periodically monitor network traffic
Wiretapping implies that more effort is being used to overhear information
  Passive wiretapping is only listening to information
  Active wiretapping means that you may be adding or changing information in the stream
Cable wiretapping
If you are on the same LAN, you can use a packet sniffer to analyze packets
  Packets are constantly streaming by, and your computer usually only picks up those destined for it
  Passwords are often sent in the clear
  Wireshark is a free, popular packet sniffer
Cable modems are filters that give you only the data you need
  Sophisticated attackers can tap into a cable network
  Data is supposed to be encrypted, but many networks don’t turn encryption on
Inductance is a property that can allow you to measure the signals inside of a wire without a direct physical connection
  Using inductance or physically connecting to a wire changes its impedance, which can be (but usually is not) measured
Signals are often multiplexed, sharing media with other signals, which can increase the sophistication needed to wiretap
Wireless eavesdropping
Wireless networks are easy to disrupt, but attackers usually have little to gain by this
Since they are broadcast, it is not difficult to intercept the signal
  Special antennas can receive the signal from a longer distance than usual
Some networks are entirely unencrypted
WEP is almost completely broken
WPA and WPA2 have vulnerabilities that can be exploited in some cases
Other media
Microwave is easy to intercept
  Long distance phone can use microwaves
  Cell phones can use microwaves
One difficulty with making use of the intercepted signal is that microwave signals are heavily multiplexed, making it hard to untangle individual signals
Satellites are similar (insecure but heavily multiplexed)
Optical fiber is very difficult to tap
  Cutting a single fiber means recalibrating the network
  Repeaters and taps that connect the fiber are the best places to attack
Upcoming
Next time…
More on network threats
Network security controls
Cody Kump presents
Reminders
Read Sections 7.2 and 7.3
Work on Assignment 4
  Due on Friday
Study for Exam 2
  Next Monday