
ITP 457
Network Security
Networking Technologies I
Overview



OSI seven layer model
Network Protocols
TCP
OSI model




Introduced in 1980
Based on the concept of Protocol Layering
Protocol Layering – when 2 computers want to communicate with each other, a series of small software modules on each system would do a “set of tasks” to foster the communication
Completely theoretical
No one today uses an actual implementation of the seven layer model
Used for teaching network technologies
What is a network protocol?



Set of rules for sending and receiving data
across a physical network
Also consists of software to implement these
rules
Physical topology lays out the physical
devices; logical topology instructs the
hardware how to separate the data into
packets; protocols handle the translation from
software to the logical topology
What kinds of tasks?

Modules for :





Making sure data is formatted properly
Taking care of retransmitting lost packets
Actually transferring the packet from hop to hop in
the network
Module = layer
Each module has a small refined job to do in
the communication
Protocol Stack

All modules taken together are called “protocol stack”
Protocol Stack



Each layer on sending machine
communicates with the same layer on
receiving machine.
Lower layers provide services to higher
layers
Benefit : Layered approach enables us to
replace software on one layer while other
layers remain the same
The OSI Layers

Application Layer - The application layer is the
OSI layer closest to the end user, and this layer
interacts with software applications that implement a
communicating component.



Telnet, FTP, SMTP, HTTP
Also MS Word and Excel
Presentation Layer – This layer deals with how data
elements will be represented for transmission.


EBCDIC, ASCII, MPEG
Also SSL, TLS
OSI Layers Continued

Session Layer- This layer co-ordinates sessions
between communicating machines, helping them
initiate, maintain and manage them.


TCP Ports, NetBIOS
Transport Layer- This layer is used to provide a
reliable communication stream between the two
systems, potentially including retransmitting lost
packets, putting packets in proper order and
providing error checking.

TCP, UDP
OSI Layers Continued

Network Layer - This layer is responsible for moving data from one system across a bunch of “routers” to the destination machine, end to end across the network.

Routers work here
IP, IPSec, ARP, IPX

Data Link Layer - This layer moves data across “one” hop of the network.

Ethernet, PPP, SLIP, Token Ring

Physical Layer – This layer actually transmits the bits across the physical link or cable

10BaseT, 100BaseT, 802.11b/g, DSL
An example to explain the
seven layers


Taken from Lewis Technology:
http://www.lewistech.com/rlewis/Resources/JamesBondOSI2.aspx
James Bond and the OSI seven Layer Model
Situation: James Bond must
deliver a confidential message

Meets Number One on the 7th floor (Application)


Goes to the 6th floor (Presentation)


A message is handed to Bond. His mission is to deliver this
message to the U.S. Ambassador in London.
Bond copies the message into a secret code and destroys
the original message.
Goes to the 5th floor (Session)

Security double checks that Bond has the whole message, and puts a seal on the message verifying that it is complete.
Bond goes through more
security



Goes to the 4th Floor (Transport)
 Here, Bond sees if there are any other messages to deliver to the
U.S. Ambassador. Also, if the message is too heavy for Bond to
deliver all at once, he can break up the message and hand parts
to other Agents to deliver to the Ambassador.
Goes to the 3rd Floor (Network)
 Here, Bond proceeds to look up the U.S. Embassy’s address,
and double checks to make sure that the U.S. Ambassador is
indeed there. Bond also uses MapQuest to plot out his route.
Goes to the 2nd Floor (Data Link)
 Here, Bond puts the message in a special courier pouch with the
seal of MI6. He also puts a note inside saying if there are other
parts of the message, who the message is from, and for whom
the message is intended.
Bond gets moving!

Goes to the 1st Floor (Physical)


Here, Q hands Bond the keys to his Aston Martin
to race to the embassy.
At the US Embassy:

Bond goes through the same process, starting at
the 1st floor, then getting to the 7th floor to deliver
the message
TCP/IP



No one uses the OSI protocols
Every major computer system, ranging from mainframes to the smallest of palmtops, supports TCP/IP
Open Standard – no one controls it

Part of Internet Engineering Task Force (IETF)
Where does TCP/IP fit in?

TCP/IP adheres to the bottom 4 layers of the
OSI model. It views everything above that as
the responsibility of the application.
[Figure: protocol stacks of System Alice, a Router, and System Bob. Alice and Bob each show Application (Web browser, email client, telnet client), Transport Layer (TCP), Network Layer (IP), Data Link Layer and Physical Layer. The Router shows only Network Layer (IP), Data Link Layer and Physical Layer.]
Understanding TCP/IP


Developed for academia and research and includes no built-in strong
security capabilities
It's really a suite of protocols, including

TCP – Transmission Control Protocol; Ensures that communications are established and maintained
IP – Internet Protocol; Handles software computer addresses
ARP – Address Resolution Protocol; Associates IP addresses with MAC addresses
RIP – Routing Information Protocol; finds routes in the network
  Not really good for large networks – for that, use OSPF
ICMP – Internet Control Message Protocol; Handles error messages for TCP/IP (ping command)
PPP – Point to Point Protocol; dial-up protocol
SMTP – Simple Mail Transfer Protocol; used to send e-mail
POP3/IMAP4 – Post Office Protocol v3/Internet Message Access Protocol v4; used for receiving e-mail
TCP/IP





Traditional TCP/IP protocol suite provides no means
for ensuring the confidentiality, integrity or
authentication of any data transmitted across the
network.
This means that when you send any packet across
the internet, TCP/IP will allow any other user to see
or modify your data !!!
Traditionally all security capabilities were
implemented in the applications.
Recent extensions to TCP/IP – IPSec
Still fairly new
TCP


Workhorse of the Internet
Some of the applications that use TCP





File transfer
telnet
Email using various protocols
Web browsing, using HTTP
Each of these applications generates packets
and passes them to the TCP/IP stack on the
local machine.
TCP Ports



Header of each TCP packet contains 2 port
numbers: a source port and a destination
port.
Port : logical “little doors” on a system where
data can be sent and received.
There are 65,535 different TCP Ports on each
machine.
TCP Port Numbers

Well known TCP ports:







20, 21 – FTP ( File Transfer Protocol )
22 – SSH – ( Secure SHell )
23 – Telnet
25 – SMTP ( Simple Mail Transfer Protocol )
53 – DNS ( Domain Name Server )
80 – HTTP ( Hyper Text Transfer Protocol )
443 – HTTPS ( HTTP over SSL/TLS )
TCP Port Numbers Continued

Well known TCP ports for Applications:









1214 – Kazaa
3074 – Xbox Live
3306 – MySQL
3724 – World of Warcraft
5001 – Slingbox
5050 – Yahoo Messenger
5190 – ICQ and AOL Instant Messenger
6891 through 6901 – MSN Messenger
31337 – BackOrifice
TCP Port Communication




Server listens on “open” ports
Client sends request and connects to an
“open” port on server
To see which ports are in use on a Windows 2000 or Unix system, you can use “netstat -na”
Attackers often take an inventory of open
ports on a system using various tools!!!!
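
The same inventory can be taken by the system's owner. The following is an added example, not part of the original slides: it parses `netstat -na` output in both Windows and Unix layouts and names each listening TCP port using the slide lists. The sample output, the `REVIEW` policy set and the function names are constructed for illustration.

```python
import re

# Port names as given on the slides (a subset).
SLIDE_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
               80: "HTTP", 443: "HTTPS", 3306: "MySQL", 31337: "BackOrifice"}
# Assumed local policy, not from the slides: listeners that need follow-up.
REVIEW = {23, 31337}

# Constructed `netstat -na` output: Windows-style rows, then Unix-style rows.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49731       198.51.100.7:443       ESTABLISHED
  TCP    [::]:3306              [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:31337      0.0.0.0:*          LISTEN
tcp4       0      0 *.8080             *.*                LISTEN
"""

def listening_tcp_ports(netstat_text: str) -> list:
    """Return the sorted TCP ports that are in a listening state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue
        # Unix rows carry Recv-Q/Send-Q counters before the local address.
        local = fields[3] if fields[1].isdigit() else fields[1]
        match = re.search(r"[.:](\d+)$", local)   # 0.0.0.0:23, [::]:3306, *.8080
        if match:
            ports.add(int(match.group(1)))
    return sorted(ports)

def inventory(netstat_text: str) -> list:
    """Pair each listening port with its slide name and a review marker."""
    return [(port, SLIDE_PORTS.get(port, "unlisted"), port in REVIEW)
            for port in listening_tcp_ports(netstat_text)]

if __name__ == "__main__":
    for port, name, review in inventory(SAMPLE):
        print(f"{port:>5}  {name:<12} {'REVIEW' if review else ''}")
```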
TCP control bits
URG  ACK  PSH  RST  SYN  FIN
TCP Control bits






URG – Urgent Pointer
ACK – used to acknowledge earlier packets
PSH – used to flush data through the TCP layer
RST – reset function , due to error or interruption
SYN – system should synchronize sequence
numbers.
FIN – There is no more data from sender. Therefore
session should be terminated.
Handshake



TCP communication sessions are established using a 3-way handshake.
SYN, ACK used in handshake
A hacker can violate the three-way handshake when scanning a target
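
The port numbers, control bits and handshake described in the TCP slides can all be read from the fixed 20-byte TCP header. The following is an added example, not part of the original slides: it decodes a header and says where a segment falls in the SYN, SYN+ACK, ACK exchange, marking flag combinations that cannot belong to a normal handshake. The sample segments and all function names are constructed for illustration.

```python
import struct

# Control bits in the order the slide lists them, with their masks in the
# low six bits of header bytes 12-13 (RFC 793 layout).
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode ports, sequence numbers and control bits from a TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad data offset: %d" % header_len)
    flags = {name for name, mask in FLAG_BITS if off_flags & mask}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags}

def handshake_role(flags: set) -> str:
    """Say where a segment fits in the SYN / SYN+ACK / ACK exchange."""
    if not flags or ("SYN" in flags and flags & {"FIN", "RST"}):
        return "invalid flag combination"
    if flags == {"SYN"}:
        return "step 1: client SYN"
    if flags == {"SYN", "ACK"}:
        return "step 2: server SYN+ACK"
    if flags == {"ACK"}:
        return "step 3 (or later): ACK"
    return "not a handshake segment"

def build_segment(sport, dport, seq, ack, flags) -> bytes:
    """Constructed test input: a 20-byte header with no options or payload."""
    bits = sum(mask for name, mask in FLAG_BITS if name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0)

# Constructed handshake: client port 49152 opening a connection to HTTP (80).
SAMPLE = [
    build_segment(49152, 80, 1000, 0, {"SYN"}),
    build_segment(80, 49152, 5000, 1001, {"SYN", "ACK"}),
    build_segment(49152, 80, 1001, 5001, {"ACK"}),
]

if __name__ == "__main__":
    for raw in SAMPLE:
        h = parse_tcp_header(raw)
        print(h["sport"], "->", h["dport"], sorted(h["flags"]), handshake_role(h["flags"]))
```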