Network Security

Unless otherwise noted, material (images) in these slides is from Security in Computing by Pfleeger and Pfleeger.

Organization of this session
• Overview of networks and network architectures.
  – Layered model of networks.
  – The concept of network protocols.
• Vulnerabilities, threats and exploits to networks.
  – A survey of exploits.
• How vulnerable is our network?
  – Following the footsteps of attackers
  – Using ping, traceroute, nmap and nessus to determine how vulnerable a network really is.

Overview of a network: A simple view.
• Client: usually a PC or workstation.
• Communication media: e.g., microwave, broadband, telephone cable, bluetooth, cellular etc.
• Server: provides some service, e.g. “Web Server” or “Mail server”.
Figure 7-1 Simple View of Network. Image © Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

A more realistic scenario:
• When user A sends a message to System 3, she may not be aware that the message is passing through System 1.
[Figure: More Complex but More Typical View of Networks. Users A, B and C; Systems 1, 2 and 3.]

Network terminology
• Node: usually a workstation or PC or a router (a device that routes network data).
• Links: end points of a communication link.
• Media: for transmission.

Next: Introduction to network security – who attacks networks?
© Pfleeger – Material on this slide and others from the textbook Security in Computing by Pfleeger. Page 382.

Who attacks networks, what are their motives?
• Challenge.
  – Examples: Robert Morris; the Cult of the Dead Cow.
• Fame.
  – Examples: Kevin Mitnick.
• Money and Espionage.
• Organized Crime.
  – E.g., Shadowcrew (28 member gang).
• Ideology (from recent press clippings)
  – e.g., Hacktivism (Hackers anonymous on VISA/Mastercard due to fallout with Wikileaks), Cyberterrorism.
Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.

What makes networks vulnerable?
• Class exercise:
  – What are some of the threats to networks that you are familiar with?
  – What makes networks such a juicy target?

What makes networks vulnerable? Here are some possible reasons:
• Anonymity.
• Many points of attack (targets and origins)
• Sharing.
• Complexity of the system.
• Lack of single ownership, control, understanding
• Unknown perimeter
• Unknown path.
We will look at some of these issues in more detail…

Anonymity.
• Attackers are harder to trace as they can hide behind several routers and proxies.
[Cartoon: © Peter Steiner, The New Yorker (July 5, 1992). This cartoon is being used on this slide under the Fair Use clause of the U.S. Copyright Act only for classroom teaching.]

Complex networks may not have clear boundaries.
• E.g., Network C (which contains multiple computers) can be accessed from B, A and D. Part of Network C is accessible in D.
Figure 7-11 Unclear Network Boundaries.

Another example of unclear boundaries
• Radford’s network issue: can we reach a machine from off-campus without using VPN?
• ruacad (ruacad.radford.edu) is a computer outside RU’s firewall. It can be used to reach most computers inside the campus (e.g., Cautela.radford.edu).
• RU’s firewall forces everyone to use the CISCO VPN client from off-campus to access a machine on-campus.
• So an RU student can first log in to ruacad and then into any campus machine without going through the VPN.

Uncertain message routing
• If you want to control traffic from A to B, you cannot install the controller only on C or D.
Figure 7-12 Uncertain Message Routing in a Network.

Next: Understanding how network software works: concepts of protocols and layers.

Protocols: software that drives networks.
• Communication between computers requires very specific, unambiguous rules called a protocol.
• A protocol is a set of rules that governs how two or more communicating parties are to interact.

Meaning of a protocol (simple example)
• E.g., consider this example (this is a protocol) and fill in the blanks:
  Me: Knock Knock…
  You: ______
  Me: Ya
  You: ______
• How did you know what to fill in the blanks? This is an example of a protocol.

Another example of a (non computer network related) protocol
• Example: A student wants to ask the instructor a question.
  – What steps does the student take to ask the question?
  – What steps does the instructor take to answer a question?
• Next: The world of protocols gets complicated…

A small task in a computer network can be quite complicated – multiple protocols for each task …
• Suppose we want to send an email from one computer to another. Let us look at a few tasks involved in a computer network.
[Figure: a source user and a destination user on desktops, connected through a network of intermediate machines and digital transmission lines.]
1. Different formats for different types of network data, e.g., an email is different from a web request or an IM.
2. Intermediate machines (which may be different from each other) to exchange the email.
3. Routing the data through the network: what if there are multiple routes? How to pick the best one?
4. Error checks – any errors during transmission?
5. Congestion control mechanisms: dealing with too much traffic.
6. Different types of transmission media: cable, wireless, bluetooth …

Decisions, decisions…
• How does a computer network deal with so many decisions? All these decisions need to be made by software (remember programs).
  (A) Give up and go back to using pigeons.
  (B) Develop interfaces, and modules that implement the interface. The interface (API) is called a "protocol".
• Answer: B.
Observations:
• Each decision in some way is made by a protocol.
• Also, protocols need to work together to accomplish a task (e.g., sending an email).
• Some protocols deal with lower level details (e.g., wired or wi-fi? Paper or plastic?) and some deal with higher level details (e.g., HTTP or Email? Error check or no error check?)

Examples of different computer network protocols and their levels.
Higher level details
1. Web-client speaks to the web-server using HTTP – HyperText Transfer Protocol.
2. SSH (Secure Shell protocol) is used to allow for secure remote connections.
3. SIP (Session Initiation Protocol) is used to make VoIP telephone calls.
Slightly lower level details (Transport/routing)
4. Transmission Control Protocol (TCP) (e.g., task: error checking) – checks if network data reached its destination without errors. Retransmits if necessary.
5. IP (Internet Protocol) is used to find a “good” route to transport the packet.
Lower level details
6. Medium Access protocol: protocols that determine how to use and share a specific communication medium (e.g., medium: wired, wifi, bluetooth) when sending data.
  • To avoid collisions between data when the same communication media are being used to transmit different data items.

Layers, Services & Protocols
• Specifically, every network application (e.g. email client) runs certain specific services from protocols:
  – Transport: across a network from source to destination.
    • Deals with tasks such as error check and correction.
    • Identifying destination address.
  – Routing and forwarding: across multiple hops.
    • More short sighted….
  – Transferring raw data from one physical interface to another.
    • Least sighted
• These protocols are therefore organized into layers.
Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

Protocols work with each other (Example).
• First some pre-requisite knowledge:
  – Domain names: When browsing the Internet, we use domain names – these are names given to a specific server or group of servers. E.g., www.radford.edu is the domain name associated with Radford’s web server.
  – IP addresses: Every computer on the Internet has a distinct address called an IP address. It is a number that looks like this: 137.45.192.132
    • E.g., open a command prompt on your Windows computer or a terminal on your Mac/Linux computer.
      – Type “nslookup www.radford.edu”.
      – You will notice that this is associated with an IP address. What is it?
  – Port numbers: A port number is the number associated with each network program running on our computer.
    • E.g., web servers are associated with port number 80; SSH servers are associated with port number 22.
  – To address a specific program on the Internet we use both an IP address and a port number. E.g.,
    • To reach Radford University’s web server, we use the domain name: www.radford.edu.
    • This in turn translates to an IP address such as 137.45.192.132 and port number 80.
    • We use the notation 137.45.192.132:80 to represent this.
    • This is also called an internet address. Every computer on the internet has a unique internet address (with exceptions).

Protocols work with each other (Example).
• With the pre-requisite knowledge from the last slide:
  – Consider the simple task of browsing the Internet.
  – We open a web-browser and type in a URL (e.g., www.nytimes.com).
  – Let us see what protocols are involved.

Web Browsing Application
• Documents are prepared using HyperText Markup Language (HTML)
• A browser application program is used to access the web
• The browser displays HTML documents that include links to other documents
• Each link references a Uniform Resource Locator (URL) that gives the name of the machine and the location of the given document
• Let’s see what happens when a user clicks on a link
Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521

1. DNS
[Figure: Q. www.nytimes.com? A. 64.15.247.200]
• User clicks on http://www.nytimes.com/
• URL contains Internet name of machine (www.nytimes.com), but not Internet address
• Internet needs Internet address to send information to a machine
• Browser software uses Domain Name System (DNS) protocol to send query for Internet address
• DNS system responds with Internet address
• TRY THIS: Open a command prompt on Windows and type: nslookup www.radford.edu. You just used the DNS protocol!

2. TCP
[Figure: TCP Connection Request, From: 128.100.11.13 Port 1127, To: 64.15.247.200 Port 80. ACK, TCP Connection Request, From: 64.15.247.200 Port 80, To: 128.100.11.13 Port 1127. ACK.]
• Browser software uses HyperText Transfer Protocol (HTTP) to send request for document
• HTTP server waits for requests by listening to a well-known port number (80 for HTTP)
• HTTP client sends request messages through an “ephemeral port number,” e.g. 1127
• HTTP needs a Transmission Control Protocol (TCP) connection between the HTTP client and the HTTP server to transfer messages reliably

3. HTTP
[Figure: GET / HTTP/1.1; 200 OK; Content]
• HTTP client sends its request message: “GET …”
• HTTP server sends a status response: “200 OK”
• HTTP server sends requested file
• Browser displays document
• Clicking a link sets off a chain of events across the Internet that involves multiple protocols! (We did not cover some of the other protocols involved.)

Layers
• A layer is a set of related communication functions that can be managed and grouped together
• Application Layer: communications functions that are used by application programs
  – HTTP, DNS, SMTP (email)
• Transport Layer: end-to-end communications between two processes in two machines
  – TCP, User Datagram Protocol (UDP)
• Network Layer: node-to-node communications between two machines
  – Internet Protocol (IP)

Example: HTTP
• HTTP is an application layer protocol
• Retrieves documents on behalf of a browser application program
• HTTP specifies fields in request messages and response messages
  – Request types; Response codes
  – Content type, options, cookies, …
• HTTP specifies actions to be taken upon receipt of certain messages

HTTP Protocol
[Figure: HTTP Client sends GET to HTTP Server; HTTP Server returns Response.]
• HTTP assumes messages can be exchanged directly between HTTP client and HTTP server
• In fact, HTTP client and server are processes running in two different machines across the Internet
• HTTP uses the reliable stream transfer service provided by TCP

Example: TCP
• TCP is a transport layer protocol
• Provides reliable transport service between two processes in two computers across the Internet. (Think of it as providing receipt-certification.)
• Sequence numbers keep track of the bytes that have been transmitted and received
• Error detection and retransmission used to recover from transmission errors and losses
• TCP is connection-oriented: the sender and receiver must first establish an association and set initial sequence numbers before data is transferred
• Connection ID is specified uniquely by
  – (send port #, send IP address, receive port #, receiver IP address)
  – E.g., if you browse the RU website from a computer with IP address of 137.45.192.132, then the connection is uniquely identified by: (1234, 137.45.192.132 ; 80, 137.207.232.204)

HTTP uses service of TCP
[Figure: at the source, the HTTP client (port 1127) hands GET to TCP; at the destination, TCP delivers it to the HTTP server (port 80). The Response travels back the same way. TCP carries the GET and Response bytes labelled with the port pairs 1127, 80 and 80, 1127.]

Example: UDP
• UDP is a transport layer protocol
• Provides best-effort datagram service between two processes in two computers across the Internet
• Port numbers distinguish various processes in the same machine
• UDP is connectionless
• Datagram is sent immediately
• Quick, simple, but not reliable

Example: DNS Protocol
• DNS protocol is an application layer protocol
• DNS is a distributed database that resides in multiple machines in the Internet
• DNS protocol allows queries of different types
  – Name-to-address or Address-to-name
• DNS usually involves short messages and so uses service provided by UDP
• Well-known port 53

Summary
• Layers: related communications functions
  – Application Layer: HTTP, DNS, SMTP, World of Warcraft, …
  – Transport Layer: TCP, UDP
  – Network Layer: IP
• Services: a protocol provides a communications service to the layer above
  – TCP provides connection-oriented reliable byte transfer service
  – UDP provides best-effort datagram service
• Each layer builds on services of lower layers
  – HTTP builds on top of TCP
  – DNS builds on top of UDP
  – TCP and UDP build on top of IP
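
Added example (not from the slides or either textbook): the DNS exchange in step 1 of the walkthrough, "Q. www.nytimes.com? A. 64.15.247.200", written out as the bytes that travel in a UDP datagram to port 53. The function names, the transaction ID 0x1A2B and the TTL of 300 are assumptions made for this example, and the reply is constructed here rather than captured from a real server.

```python
import struct

def encode_name(name):
    """Encode a host name as length-prefixed labels (RFC 1035 wire format)."""
    labels = [part.encode("ascii") for part in name.rstrip(".").split(".")]
    if any(not 1 <= len(part) <= 63 for part in labels):
        raise ValueError("each label must be 1..63 bytes")
    return b"".join(bytes([len(part)]) + part for part in labels) + b"\x00"

def build_query(name, txid):
    """12-byte header (RD set, one question) + QNAME + QTYPE=A + QCLASS=IN."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))

def read_name(msg, pos):
    """Decode the name at pos; return (name, offset just past it)."""
    labels, resume = [], None
    for _ in range(64):                        # bounded: a pointer loop cannot hang us
        n = msg[pos]
        if n == 0:
            return ".".join(labels), (pos + 1 if resume is None else resume)
        if n & 0xC0 == 0xC0:                   # 2-byte pointer to an earlier name
            resume = pos + 2 if resume is None else resume
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_a_response(msg, txid):
    """Return (question name, IPv4 answers); reject replies that do not match."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or qdcount != 1:
        raise ValueError("not a response to this query")
    qname, pos = read_name(msg, 12)
    pos += 4                                   # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        _, pos = read_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, pos)
        if rtype == 1 and rdlen == 4:          # A record: four address bytes
            addrs.append(".".join(str(b) for b in msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return qname, addrs

# Constructed reply carrying the slide's answer; ID and TTL are sample values.
QUERY = build_query("www.nytimes.com", 0x1A2B)
REPLY = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
         + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([64, 15, 247, 200]))
```

The query is 33 bytes and the reply 49, which is why a single UDP datagram is enough. Because UDP is connectionless, the 16-bit ID in the header is what ties a reply to its query, so the parser checks it before trusting the answer.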