NetworkSecurity_Part1

Network Security
Unless otherwise noted, material (images) in
these slides are from Security in Computing by
Pfleeger and Pfleeger.
Organization of this session
• Overview of networks and network
architectures.
– Layered model of networks.
– The concept of network protocols.
• Vulnerabilities, threats and exploits to
networks.
– A survey of exploits.
• How vulnerable is our network?
– Following the footsteps of attackers
– Using ping, traceroute, nmap and nessus to
determine how vulnerable a network really is.
Overview of a network: A simple view.
• Client: usually a PC or workstation.
• Communication media: e.g., microwave, broadband, telephone cable, bluetooth, cellular etc.
• Server: provides some service, e.g. “Web Server” or “Mail server”.
Figure 7-1 Simple View of Network.
Image © Security in Computing 3rd Edition, by Pfleeger and Pfleeger.
A more realistic scenario: When user A sends a message to System 3, she may not be aware that the message is passing through System 1.
[Figure: More Complex but More Typical View of Networks. Labels: User A, User B, User C, System 1, System 2, System 3.]
Network terminology
• Node: usually a workstation or PC or a
router (a device that routes network data).
• Links: end points of a communication link.
• Media: for transmission.
Next: Introduction to network security – who
attacks networks?
© Pfleeger – Material on this slide and others from the textbook Security in
Computing by Pfleeger. Page 382.
Who attacks networks, what are their motives?
• Challenge.
  – Examples: Robert Morris; the Cult of the Dead Cow.
• Fame.
  – Examples: Kevin Mitnick.
• Money and Espionage.
• Organized Crime.
  – E.g., Shadowcrew (28 member gang).
• Ideology (from recent press clippings)
  – e.g., Hacktivism (Hackers anonymous on VISA/Mastercard due to fallout with Wikileaks), Cyberterrorism.
Source: Chapter 7, Security in Computing 3rd Edition, by Pfleeger and Pfleeger.
What makes networks vulnerable?
• Class exercise:
• what are some of the threats to
networks that you are familiar with?
• what makes networks such a juicy
target?
What makes networks vulnerable?
Here are some possible reasons:
• Anonymity.
• Many points of attack (targets and origins)
• Sharing.
• Complexity of the system.
• Lack of single ownership, control, understanding
• Unknown perimeter
• Unknown path.
We will look at some of these issues in more detail…
Anonymity.
Attackers are harder to trace as they can hide behind
several routers and proxies.
© Peter Steiner , The New Yorker, (July 5 1992). This cartoon is being used on this slide
under the Fair Use clause of the U.S Copyright act only for classroom teaching.
Complex networks may not have clear boundaries. E.g., Network C (which contains multiple computers) can be accessed from B, A and D. Part of Network C is accessible in D.
Figure 7-11 Unclear Network Boundaries.
Another example of unclear boundaries
Radford’s network issue: can we reach a machine from off-campus without using VPN?
• RU’s firewall – forces everyone to use the CISCO VPN client from off-campus to access a machine on-campus.
• ruacad is a computer outside RU’s firewall. Can be used to reach most computers inside the campus.
• So a RU student can first login to ruacad and then into any campus machine without going through the VPN.
[Diagram labels: ruacad.radford.edu, Cautela.radford.edu]
If you want to control traffic from A to B, cannot install the controller only on C or D.
Figure 7-12 Uncertain Message Routing in a Network.
Next: Understanding how network software works: concepts of protocols and layers.
Protocols: software that drives networks.
• Communication between computers requires very specific, unambiguous rules called a protocol.
• A protocol is a set of rules that governs how two or more communicating parties are to interact.
Meaning of a protocol (simple example)
• E.g., consider this example (this is a protocol) and fill
in the blanks:
Me: Knock Knock…
You: ______
Me: Ya
You: ______
How did you know what to fill in the
blanks?
This is an example of a protocol.
© Anonymous. Unable to
attribute.
Another example of a (non computer
network related) protocol
• Example: A student wants to ask the
instructor a question.
– What steps does the student take to
ask the question?
– What steps does the instructor take to
answer a question?
• Next: The world of protocols gets
complicated…
A small task in a computer network can be quite complicated – multiple protocols for each task …
• Suppose we want to send an email from one computer to another. Let us look at a few tasks involved in a computer network.
[Diagram: a user at the source and a user at the destination desktops, connected through a network of digital transmission lines. Numbered tasks around the diagram:]
1. Different formats for different networking data.
2. Intermediate machines (which may be different from each other) to exchange the email.
3. Routing the data through the network: what if there are multiple routes? How to pick the best one?
4. Error checks – any errors during transmission?
5. Congestion control mechanisms: dealing with too much traffic
6. Different types of transmission media: cable, wireless, bluetooth …
A small task in a computer network can be quite complicated – multiple protocols for each task …
Decisions decisions…
• How does a computer network deal with so many decisions? All these decisions need to be made by software (remember programs).
  (A) Give up and go back to using pigeons
  (B) Develop interfaces, and modules that implement the interface. The interface (API) is called a "protocol".
  Answer B.
Observations:
• Each decision in some ways is made by a protocol.
• Also, protocols need to work together to accomplish a task (e.g., sending an email).
• Some protocols deal with lower level details (e.g., wired or wi-fi? Paper or plastic?) and some deal with higher level details (e.g., HTTP or Email?, Error check or no error check?)
[Background diagram: the six numbered tasks from the previous slide, with task 1 reading "Different types of network data, e.g., email is different from a web request or an IM."]
Examples of different computer network protocols and their levels.
Higher level details
1. Web-client speaks to the web-server using HTTP – hyper text transfer protocol.
2. SSH (Secure Shell protocol) is used to allow for secure remote connections.
3. SIP (Session Initiation Protocol) is used to make VoIP telephone calls.
Slightly lower level details (Transport/routing)
4. Transport control protocol (TCP) (e.g., task error checking) – checks if network data reached its destination without errors. Retransmit if necessary.
5. IP (Internet Protocol) is used to find a “good” route to transport the packet.
Lower level details
6. Medium Access protocol: Protocols that determine how to use and share a specific communication medium (e.g., medium: wired, wifi, bluetooth) when sending data.
  • to avoid collisions between data when the same communication media are being used to transmit different data items.
Layers, Services & Protocols
• Specifically, every network application (e.g. email client) runs certain specific services from protocols:
  – Transport: across a network from source to destination.
    • Deals with tasks such as error check and correction.
    • Identifying destination address.
  – Routing and forwarding: across multiple hops.
    • More short sighted….
  – Transferring raw data from one physical interface to another.
    • Least sighted
• These protocols are therefore organized into layers.
Source: Chapter 2, Communication Networks by Alberto Leon-Garcia and Indra Widjaja, ISBN: 978-0072463521
Protocols work with each other (Example).
• First some pre-requisite knowledge:
  – Domain names: When browsing the Internet, we use domain names – these are names given to a specific server or group of servers. E.g., www.radford.edu is the domain name associated with Radford’s web server.
  – IP addresses: Every computer on the Internet has a distinct address called IP address. It is a number that looks like this: 137.45.192.132
    • E.g., Open a command prompt on your Windows computer or a terminal on your Mac/Linux computer.
      – Type “nslookup www.radford.edu”.
      – You will notice that this is associated with an IP address.
        » What is it?
  – Port numbers: It is the number associated with each network program running on our computer.
    • E.g., Webservers are associated with port number 80; SSH server associated with port number 22.
  – To address a specific program on the Internet we use both an IP address and a port number. E.g.,
    • To reach Radford University's webserver, we use the domain name: www.radford.edu.
    • This in turn translates to an IP address such as 137.45.192.132 and port number 80.
    • We use the notation: 137.45.192.132:80 to represent this.
• This is also called an internet address. Every computer on the internet has a unique internet address (with exceptions)
Protocols work with each other (Example).
• With the pre-requisite knowledge
from the last slide
– Consider the simple task of browsing the
Internet.
– We open a web-browser and type in a URL (e.g.,
www.nytimes.com).
– Let us see what protocols are involved.
Web Browsing Application
• Documents are prepared using HyperText Markup
Language (HTML)
• A browser application program is used to access
the web
• The browser displays HTML documents that
include links to other documents
• Each link references a Uniform Resource Locator
(URL) that gives the name of the machine and the
location of the given document
• Let’s see what happens when a user clicks on a link
1. DNS
[Diagram: the browser sends the query "Q. www.nytimes.com?" and DNS returns the answer "A. 64.15.247.200"]
• User clicks on http://www.nytimes.com/
• URL contains Internet name of machine (www.nytimes.com), but not Internet address
• Internet needs Internet address to send information to a machine
• Browser software uses Domain Name System (DNS) protocol to send query for Internet address
• DNS system responds with Internet address
• TRY THIS: Open a command prompt on Windows and type: nslookup www.radford.edu. You just used the DNS protocol!
2. TCP
[Diagram: three messages between the client and the server]
  1. TCP Connection Request. From: 128.100.11.13 Port 1127. To: 64.15.247.200 Port 80
  2. ACK, TCP Connection Request. From: 64.15.247.200 Port 80. To: 128.100.11.13 Port 1127
  3. ACK
• Browser software uses HyperText Transfer Protocol (HTTP) to send request for document
• HTTP server waits for requests by listening to a well-known port number (80 for HTTP)
• HTTP client sends request messages through an “ephemeral port number,” e.g. 1127
• HTTP needs a Transmission Control Protocol (TCP) connection between the HTTP client and the HTTP server to transfer messages reliably
3. HTTP
[Diagram: the client sends "GET / HTTP/1.1"; the server replies "200 OK" followed by "Content"]
• HTTP client sends its request message: “GET …”
• HTTP server sends a status response: “200 OK”
• HTTP server sends requested file
• Browser displays document
• Clicking a link sets off a chain of events across the Internet that involves multiple protocols! (We did not cover some of the other protocols involved).
Layers
• A set of related communication functions that
can be managed and grouped together
• Application Layer: communications functions that
are used by application programs
– HTTP, DNS, SMTP (email)
• Transport Layer: end-to-end communications
between two processes in two machines
– TCP, User Datagram Protocol (UDP)
• Network Layer: node-to-node communications
between two machines
– Internet Protocol (IP)
Example: HTTP
• HTTP is an application layer protocol
• Retrieves documents on behalf of a browser
application program
• HTTP specifies fields in request messages and
response messages
– Request types; Response codes
– Content type, options, cookies, …
• HTTP specifies actions to be taken upon receipt of
certain messages
HTTP Protocol
[Diagram: the HTTP client sends GET to the HTTP server; the HTTP server sends Response to the HTTP client]
• HTTP assumes messages can be exchanged directly between HTTP client and HTTP server
• In fact, HTTP client and server are processes running in two different machines across the Internet
• HTTP uses the reliable stream transfer service provided by TCP
Example: TCP
• TCP is a transport layer protocol
• Provides reliable transport service between two processes in two computers across the Internet. (Think of it as providing receipt-certification.)
• Sequence numbers keep track of the bytes that have been transmitted and received
• Error detection and retransmission used to recover from transmission errors and losses
• TCP is connection-oriented: the sender and receiver must first establish an association and set initial sequence numbers before data is transferred
• Connection ID is specified uniquely by (send port #, send IP address, receive port #, receiver IP address)
  – E.g., if you browse the RU website from a computer with IP address of: 137.45.192.132 then, the connection is uniquely identified by: (1234, 137.45.192.132 ; 80, 137.207.232.204)
HTTP uses service of TCP
[Figure: the HTTP client (port 1127) and the HTTP server (port 80) exchange GET and Response messages; on each side the messages are handed to TCP, which carries them as bytes in TCP segments labeled with the port pairs "80, 1127" and "1127, 80".]
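The TCP and HTTP steps above, together with the four-part connection ID from the TCP slide, as an added example (not from the slides or the textbooks): a Python client opens a TCP connection, reads back the connection ID, sends `GET / HTTP/1.1` and splits the reply into status line and content. The `Hello` server class, the loopback address and the OS-chosen ports are assumptions that stand in for the slides' 64.15.247.200 port 80 so that the example runs offline.

```python
import socket
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

class Hello(BaseHTTPRequestHandler):
    """Constructed stand-in for the web server on the slides."""
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        body = b"<html>hello</html>"
        self.send_response(200)                      # status line "200 OK"
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)                       # the requested document

    def log_message(self, *args):                    # keep the demo quiet
        pass

def fetch(host, port):
    """One GET over one TCP connection: (connection_id, status_line, body)."""
    with socket.create_connection((host, port), timeout=5) as s:  # TCP handshake
        src_ip, src_port = s.getsockname()[:2]       # ephemeral port chosen by the OS
        dst_ip, dst_port = s.getpeername()[:2]       # the server's listening port
        conn_id = (src_port, src_ip, dst_port, dst_ip)
        request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        s.sendall(request.encode("ascii"))
        raw = b""
        while chunk := s.recv(4096):                 # read until the server closes
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return conn_id, head.split(b"\r\n", 1)[0].decode("ascii"), body

def demo():
    # Port 0 asks the OS for any free port (the slides use well-known port 80).
    server = socketserver.TCPServer(("127.0.0.1", 0), Hello)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fetch("127.0.0.1", port), port
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    (conn_id, status, body), port = demo()
    print("connection ID:", conn_id)
    print("status line  :", status, "| content:", body.decode())
```

Running it several times shows the client's source port changing while the server's port stays fixed for the life of the listener, which is why all four values are needed to tell connections apart.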
Example: UDP
• UDP is a transport layer protocol
• Provides best-effort datagram service between two
processes in two computers across the Internet
• Port numbers distinguish various processes in the
same machine
• UDP is connectionless
• Datagram is sent immediately
• Quick, simple, but not reliable
Example: DNS Protocol
• DNS protocol is an application layer protocol
• DNS is a distributed database that resides in multiple machines
in the Internet
• DNS protocol allows queries of different types
– Name-to-address or Address-to-name
• DNS usually involves short messages and so uses service
provided by UDP
• Well-known port 53
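What a "short message" looks like on the wire, as an added example (not from the slides or the textbook): Python code that builds the name-to-address query for www.nytimes.com in DNS wire format and parses the answer. The response bytes are constructed here from the slide's address 64.15.247.200, not captured traffic, and the transaction ID 0x1A2B is an arbitrary sample value.

```python
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """'www.nytimes.com' -> length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, txid):
    # Header: id, flags (0x0100 = recursion desired), 1 question, no other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def skip_name(msg, off):
    """Offset just past a name, which may end in a 2-byte compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk the plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)          # pointer = 2 bytes, root label = 1

def parse_a_records(msg, txid):
    """Return the IPv4 addresses in a response; reject replies that do not match."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:        # wrong id, or QR bit says "query"
        raise ValueError("not a response to our query")
    if flags & 0x000F:                           # non-zero RCODE = server-side error
        raise ValueError(f"rcode {flags & 0x000F}")
    off = 12
    for _ in range(qd):                          # skip the echoed question(s)
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (QTYPE_A, QCLASS_IN, 4):
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

# Constructed response (not captured traffic): question echoed, one A record
# whose name is a compression pointer back to offset 12.
QUERY = build_query("www.nytimes.com", 0x1A2B)
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
            + socket.inet_aton("64.15.247.200"))

if __name__ == "__main__":
    print(len(QUERY), "byte query ->", parse_a_records(RESPONSE, 0x1A2B))
```

Both messages fit comfortably in a single UDP datagram, and because UDP has no connection to tie a reply to a request, the client itself checks that the transaction ID in the response matches the one it sent.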
Summary
• Layers: related communications functions
– Application Layer: HTTP, DNS, SMTP, World of Warcraft, …
– Transport Layer: TCP, UDP
– Network Layer: IP
• Services: a protocol provides a communications service to the
layer above
– TCP provides connection-oriented reliable byte transfer service
– UDP provides best-effort datagram service
• Each layer builds on services of lower layers
– HTTP builds on top of TCP
– DNS builds on top of UDP
– TCP and UDP build on top of IP