Network Security. Network Vulnerabilities
- Ashlee Chase
- 6 years ago
1 Network Security Network Vulnerabilities 1
2 Attacks and the OSI Stack Stack layer Services Protocols Application; Presentation; Session Transport DNS SMTP TCP Network Routers IP Logic Physical Switches Hubs 2
3 IP Addresses
- IP addresses identify the network and the machine in the network.
- Example: the address : x identifies the network. y.y.y.22 identifies the machine in the network.
- The network mask identifies the network dimension (256) and the addresses of the directly accessible machines.
- The network mask can be retrieved by an ICMP (Address Mask Request) request or by using DHCP.
4 Network addresses
- Media Access Control (MAC) address
  - The address of the network interface.
  - Unique identifiers with 48 bits.
  - The first 24 bits identify the manufacturer.
- IP addresses
  - 32 bits ~ 4 million million addresses
  - Usually described by 4 separate decimal numbers divided by dots to
5 Address Translation
- Address Resolution Protocol (ARP):
  - Layer 3 Protocol (network)
  - Translates an IP address into a MAC address
- ARP Query: Who has the ? Answer to
- ARP Reply: is at 00:0e:81:10:19:FC.
- ARP caches:
  - register old answers.
  - when the answers are too old they are removed.
6 Routers Internet Router IP address Network mask Default router Router switch switch 6
7 Routers Internet IP address Network mask Default router IP datagram Dest: Router Router switch Direct delivery switch
8 Routers Internet IP address Network mask Default router IP datagram Dest: Router Router switch Default Router + direct delivery switch 8
9 Used Protocol Layers Application Layer Application Layer PDU Application Layer Transport Layer Transport Layer PDU Transport Layer Internet Layer Router Internet Layer Internet Layer IP Datagram IP Datagram Network Interface Ethernet Frame Network Interface Ethernet Frame Network Interface Physical Network Physical Network 9
10 Routers Internet IP address Network mask Default router IP datagram Dest: Router Router switch switch Default Router + next router + next router +. 10
11 Used Protocol Layer Application Layer Application Layer PDU Application Layer Transport Layer Transport Layer PDU Transport Layer Internet Layer Router Internet Router Internet Internet Layer IP Datagram IP Datagram IP Datagram Network Interface Ethernet Frame NI NI Network Interface Ethernet Frame Physical Network Physical Network Physical Network 11
12 Private Addresses
- Some network ranges were reserved for private addressing (IETF RFC 1918):
  - to (1 network, 2^24 machines),
  - to (16 networks, 2^16 machines, total),
  - to (256 networks, 2^8 machines each).
- Packets with these addresses (origin or destination) are never sent outside the network itself.
- An attempt to solve the lack of IP addresses.
- Security?
- In the previous example, the router has the IP address and two private addresses: and : it operates as a router between two private networks.
13 (Layer 1) Physical Layer: Hubs Topics: Behavior Problems Sniffers and anti-sniffers 13
14 Hubs: Behavior
- Information broadcast
- Threats:
  - Information leakage (sniffers).
  - Easy to install more devices.
  - Easy management, but anyone can connect there;
  - Even if the hub is physically secure.
15 Sniffers
- Usually network adapters operate in non-promiscuous mode
  - Network adapters only listen to what is sent to their MAC
- Sniffers work in promiscuous mode
  - Read frames with any MAC.
- Some sniffer tools:
  - Tcpdump
  - Ethereal (Wireshark)
  - Snort
16 Identifying sniffers
- AntiSniff
  - Correct IP, incorrect MAC (answers, does not answer)
    - Linux: any MAC
    - NetBSD: IP = broadcast
    - Windows: MAC = ff:00:00:00:00:00
  - Constant DNS queries from the sniffer machine
    - Tcpdump, Ethereal
- ARP method
  - A machine caches ARPs, so send a non-broadcast ARP (with our correct MAC).
  - Then send a broadcast ping with the right IP but wrong MAC;
  - Only a machine which has our correct MAC address from the sniffed ARP will respond, i.e. the sniffer machine!
- Latency method
  - Time needed to answer one packet vs. response time for n packets.
17 Preventing Sniffing
- Solutions:
  - Prevent the use of network adapters in promiscuous mode
  - Use of switches (but! it costs)
  - Use encryption
  - One-time passwords, e.g. SecurID, S/Key
18 (Layer 2) Data Link
- Topics:
  - More on Ethernet and IP addressing.
  - Switches
    - Behavior
    - ARP spoofing and MAC flooding
19 Switches: Behavior
- Switches only send the data to the destination address
  - A table with the MAC in each of the ports is constructed
- When a frame reaches the switch:
  - Searches the port where the device with that MAC is at.
  - Sends the frame to that port.
- Switches operate at layer 2 (data link).
- Switches reduce the sniffing problem
  - The network adapter only sees what is meant for it.
20 ARP Vulnerabilities
- Unsolicited ARP responses:
  - Sent by a legitimate machine upon connecting.
  - Not sent as a response to a request.
  - Associate a MAC with an IP.
- ARP spoofing:
  - An attacker can send a false unsolicited ARP message.
  - ARP messages are in no way signed, thus it is easy to falsify a message from any given MAC.
21 ARP Tables - OK IP MAC 00:0e:81:10:17:d1 IP address MAC address :0e:81:10:19:FC :1f:42:12:04:72 Attacker IP MAC 00:1f:42:12:04:72 IP MAC 00:0e:81:10:19:FC switch IP address MAC address :0e:81:10:17:d :1f:42:12:04:72 21
22 ARP Tables Poisoning IP MAC 00:0e:81:10:17:d1 IP address MAC address :1f:42:12:04: :1f:42:12:04:72 Attacker IP MAC 00:1f:42:12:04:72 IP MAC 00:0e:81:10:19:FC (1) Non solicited ARP is at 00:1f:42:12:04:72 switch IP address MAC address :1f:42:12:04: :1f:42:12:04:72 (2) Non solicited ARP is at 00:1f:42:12:04:72 22
23 ARP Tables Poisoned IP MAC 00:0e:81:10:17:d1 IP datagram Dest: MAC: 00:1f:42:12:04:72 IP address MAC address :1f:42:12:04: :1f:42:12:04:72 Attacker IP MAC 00:1f:42:12:04:72 IP MAC 00:0e:81:10:19:FC switch IP address MAC address :1f:42:12:04: :1f:42:12:04:72 Attacker table IP address MAC address :0e:81:10:19:FC :0e:81:10:17:d1 23
24 Results from ARP Spoofing
- The attacker has the correct table
- But the devices and have poisoned ARP tables.
- All the data sent from to is redirected to the attacker (Layer 2).
- The attacker may redirect the data to the intended receiver.
- Neither the attacked machines nor the switch are able to detect the attack.
- Tool example: dsniff, an auditing and penetration testing tool set.
- In conclusion: switches do not eliminate the sniffing problem.
25 MAC Flooding
- The attacker sends several unsolicited ARP messages.
  - Each ARP message with a different MAC.
- When the table is filled up:
  - Some switches stop accepting new connections (DoS).
  - Some switches revert to a hub mode:
    - Allowing standard sniffers to work again!
Device MAC address :0e:81:10:19:FC 4 00:0e:81:32:96:af :0e:81:32:96:b0 4 00:0e:81:32:96:b1 4 00:0e:81:32:97:a4 switch
26 Preventive Measures:
- Place the switches in a safe location
  - To prevent unlawful/unauthorized usage/access.
- Switches should fail in a secure fashion
  - New threat: DoS.
  - Notify the system administration.
- Arpwatch
  - Monitor the ARP to IP translation.
  - Alert the system administration.
- Use of switches with fixed tables
  - Loss of flexibility.
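The monitoring measure listed above (watch the ARP to IP translation and alert the administrator), as an added example that is not part of the original slides and is not Arpwatch's own code. It runs over a constructed list of ARP replies; the 192.0.2.x addresses are placeholders, and the MAC addresses are the ones shown on the ARP table slides.

```python
"""ARP binding monitor run over constructed ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: (time_s, sender_ip, sender_mac, solicited).
# IPs are placeholders; MACs are the ones used on the ARP table slides.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.0.2.1", "00:0e:81:10:19:FC", True),
    (1.0, "192.0.2.16", "00:0e:81:10:17:d1", True),
    (2.0, "192.0.2.23", "00:1f:42:12:04:72", True),
    # Unsolicited replies rebinding two hosts to the third host's MAC.
    (30.0, "192.0.2.1", "00:1f:42:12:04:72", False),
    (30.1, "192.0.2.16", "00:1f:42:12:04:72", False),
    # The original owner answers a later request: the binding flips back.
    (31.0, "192.0.2.1", "00:0e:81:10:19:FC", True),
]


class ArpMonitor:
    """Tracks IP -> MAC bindings and records suspicious changes."""

    def __init__(self):
        self.current = {}              # ip -> MAC currently bound
        self.seen = defaultdict(set)   # ip -> every MAC ever seen for it
        self.reported = {}             # mac -> last IP set reported as shared
        self.alerts = []

    def observe(self, ts, ip, mac, solicited):
        mac = mac.lower()
        previous = self.current.get(ip)
        if previous is not None and previous != mac:
            # A MAC seen earlier for this IP means two stations are
            # competing for the address; a new MAC is a plain change.
            kind = "flip-flop" if mac in self.seen[ip] else "changed"
            self.alerts.append({
                "ts": ts, "kind": kind, "ip": ip,
                "old": previous, "new": mac,
                "unsolicited": not solicited,
            })
        self.current[ip] = mac
        self.seen[ip].add(mac)

        # One MAC answering for several IPs is what a poisoned segment
        # looks like from the outside (it can also be a legitimate router
        # or proxy ARP, so this is an alert, not a verdict).
        claimed = tuple(sorted(i for i, m in self.current.items() if m == mac))
        if len(claimed) > 1 and self.reported.get(mac) != claimed:
            self.reported[mac] = claimed
            self.alerts.append({
                "ts": ts, "kind": "shared-mac", "mac": mac,
                "ips": list(claimed),
            })


def run(records):
    """Feed the records through a fresh monitor and return its alerts."""
    monitor = ArpMonitor()
    for record in records:
        monitor.observe(*record)
    return monitor.alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_ARP_REPLIES):
        print(alert)
```
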
27 (Layer 3) Network Layer Topics: Routers and routing. IP Addresses. Other topics. 27
28 Routers and Routing
- Routers support the indirect delivery of IP datagrams.
- Routing tables are used
- A datagram can usually be sent:
  - directly to the final destination.
  - to the next router in the destination direction.
  - to the default router.
29 Network Layer attacks - I
- IP spoofing:
  - IP packets are not authenticated.
  - The attacker can fill the origin address field of an IP packet with any value, thus it is insecure to base an access control policy on the IP address.
- An attacker is able to replay, delay, reorder, modify or inject an IP packet.
  - Impersonation threats, integrity tampering, and unlawful use are still possible.
- Users have little to no guarantee concerning the routing path taken by the packets:
  - information leak threat.
  - packet integrity threat.
  - DoS threat.
30 Network Layer attacks - II
- Route update security
  - An attacker might corrupt the routing tables by sending routing-update messages.
  - RIPv1 and IGRP do not have authentication.
  - ICMP redirect packets.
  - DoS, man in the middle, etc.
31 (Layer 4) Transport Layer Topics: TCP/IP handshake TCP hijacking DoS TCP DoS ICMP DoS Solutions 31
32 TCP/IP Handshake (Layer 4) 32
33 TCP connection hijacking
- Exploits the de-synchronization between 2 hosts (A & B)
  - A and B have an out-of-synchronization connection
    - To the point that the data segments are out of the sliding window
    - All the data segments sent are discarded by the receiver
    - This generates a high amount of ACK packets
      - Which can be used to detect the de-synchronization
  - The actual communication is now performed with data segments created by the attacker
    - These are created with the correct synchronization values
- De-synchronization:
  - During the creation of a TCP/IP connection
  - Cutting an already established connection
- Practicability:
  - The attacker must be in the middle of the communication
    - Man-in-the-middle attack
34 TCP Connection hijacking Solutions (1/3)
- Predicting the sequence number
  - Attacker → S: SYN(ISN_A), SRC=B
  - Server → B: SYN(ISN_S), ACK(ISN_A+1)
  - Attacker → S: ACK(ISN_S+1), SRC=B
- How to counteract?
  - Random generation of the ISN
    - Windows NT 4.0 OS increments (+10) the ISN every ms
    - Unix OS incremented the ISN also with a time-dependent algorithm.
- Defensive attitude
  - Avoid any host-based authentication based on the IP address.
35 TCP Connection hijacking Solutions (2/3)
- Impersonation
  - Random sequence numbers
  - Firewalls
    - Filter/discard data segments with source-routing
    - Use IP masquerading for insecure connection nodes
    - Detect bursts of invalid segments
  - Be suspicious of host-based authentication
    - Used in several services (r-tools, NFS, etc.)
  - Use TCP wrappers
    - Additional control
    - Logging
  - Use additional authentication mechanisms
36 TCP Connection hijacking Solutions (3/3)
- Connection hijacking
  - Added integrity control capable of preventing an intrusion attack
    - The integrity control should be related to the origin of the data
      - Machine, user, etc.
    - Can be performed at the IP level or higher
      - IPsec, SSL, SSH, etc.
37 DoS attack: SYN flooding (1/2)
- Consists in overloading a core with incomplete TCP/IP connection requests
  - X → A: SYN
  - A → X: SYN+ACK
  - X → A: ACK
- Typically the attacker uses IP spoofing
  - Forging one or more unused IP addresses
    - Often TCP is insensitive (when in the SYN_RECVD state) to ICMP error messages: host unreachable or port unreachable
    - Easy to temporarily block
  - Forging random IP addresses
    - Less powerful attack
    - Harder to block
38 DoS attack: SYN flooding (2/2)
- Exploited vulnerabilities
  - No authentication in the SYN segments
  - The server needs to reserve more resources than the client/attacker
- Impact on the attacked machine
  - Storage of the connection requests until they are eliminated by timeout
    - TCP connection in the SYN_RECVD state
    - Periodic re-sending of the SYN+ACK packet
  - The number of connection requests per port is limited:
    - The subsequent requests are discarded
    - Legitimate requests may be discarded due to the existence of false connection requests
39 SYN flooding Solutions I
- No definite solution for IPv4
- Modifying TCP for the servers
  - Bigger request queues, lower timeouts
  - Random Drop
  - SYN cookies
    - ISN is sent ciphered in the SYN+ACK (cookie) and returned in the ACK
    - The server retains no information.
  - Other modifications...
- Cooperation with the firewalls
  - Relay or semi-gateway
- Attack detectors
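The SYN cookie idea from the slide above, as an added example that is not part of the original slides: the server derives its ISN from the connection 4-tuple, the client ISN and a coarse time slot, then recomputes it when the ACK arrives instead of storing a half-open connection. The cookie layout (8-bit time slot plus 24-bit HMAC tag), the secret, the slot length and all addresses are assumptions made for the illustration; production stacks use their own layouts and also encode the MSS.

```python
"""Stateless SYN cookie sketch: simplified layout, not any OS's format."""
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # assumption: random per boot in practice
SLOT_SECONDS = 64                    # assumption: coarse clock for expiry
MAX_AGE_SLOTS = 2                    # accept the current and previous slot
MASK32 = 0xFFFFFFFF


def _tag24(conn, client_isn, slot):
    """24-bit keyed tag over the 4-tuple, the client ISN and the slot."""
    src_ip, src_port, dst_ip, dst_port = conn
    msg = (
        ipaddress.ip_address(src_ip).packed
        + ipaddress.ip_address(dst_ip).packed
        + struct.pack("!HHIQ", src_port, dst_port, client_isn & MASK32, slot)
    )
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def _cookie_for(conn, client_isn, slot):
    return ((slot & 0xFF) << 24) | _tag24(conn, client_isn, slot)


def make_cookie(conn, client_isn, now):
    """Server ISN to place in the SYN+ACK. Nothing is stored."""
    return _cookie_for(conn, client_isn, int(now) // SLOT_SECONDS)


def check_ack(conn, client_seq, ack_number, now):
    """Validate the handshake's final ACK using only the packet itself.

    client_seq is the sequence number of the ACK segment (client ISN + 1);
    ack_number is what the client acknowledges (server ISN + 1).
    """
    cookie = (ack_number - 1) & MASK32
    client_isn = (client_seq - 1) & MASK32
    slot_now = int(now) // SLOT_SECONDS
    for age in range(MAX_AGE_SLOTS):
        slot = slot_now - age
        if slot < 0:
            break
        expected = _cookie_for(conn, client_isn, slot)
        # Constant-time comparison of the two 32-bit values.
        if hmac.compare_digest(expected.to_bytes(4, "big"),
                               cookie.to_bytes(4, "big")):
            return True
    return False


if __name__ == "__main__":
    # Constructed handshake: client 198.51.100.7:40000 -> server 192.0.2.10:80
    conn = ("198.51.100.7", 40000, "192.0.2.10", 80)
    client_isn = 0x12345678
    cookie = make_cookie(conn, client_isn, now=1000)
    ack = (cookie + 1) & MASK32
    print("SYN+ACK ISN (cookie):", hex(cookie))
    print("valid ACK accepted:", check_ack(conn, client_isn + 1, ack, now=1005))
    print("stale ACK accepted:", check_ack(conn, client_isn + 1, ack, now=1200))
```

A flood of spoofed SYNs costs this server one HMAC per packet and no queue slots, which is the property the slide summarises as "the server retains no information".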
40 Firewall Handshake Relay 40
41 Firewall - Gateway 41
42 Firewall Passive gateway 42
43 Broadcast
- Broadcast addresses:
  - Any packet with a destination address ending with .255 in a network with a netmask is sent to all the machines in that network.
  - Works equally in networks with different dimensions.
- Facilitates management, but what about security?
44 ICMP
- ICMP = Internet Control Message Protocol.
  - Layer 4 Protocol (as TCP).
  - Mandatory in all IP networks.
  - Used to send and receive the error messages from IP
- E.g. ICMP Echo Request (Ping):
  - ICMP Packet Echo, IP datagram Src: Dest:
  - ICMP Packet Echo Reply, IP datagram Src: Dest:
45 ICMP SMURF attack (DoS)
[Diagram: the Attacker sends an ICMP Packet Echo Request (IP datagram Src: Dest: ); the Victim receives multiple ICMP Packet Echo Reply messages (IP datagram Src: Dest: ).]
46 Denial of Service (DoS) with: CHARGEN & ECHO
- Two diagnostic services from UNIX
  - Over TCP or UDP
- This attack uses IP address spoofing
  - X sends a datagram to B, saying it is coming from A (spoofing)
    - A origin port is ECHO
    - B destination port is CHARGEN
- Impact on the attacked machines
  - A and B go into an escalating and endless message exchange ping-pong
- Defensive posture
  - Restrict the use/availability of diagnostic services
  - Detect and avoid IP spoofing
  - Restrict the access to networks with broadcasting
47 DoS: Exploiting flaws
- Protocols have flaws at the implementation level
  - Ping-of-Death attack
    - Ping l target.ip.address
    - 20 bytes + 8 bytes > (actual buffer size)
  - Teardrop attack
    - Overlapping IP fragments
- Protocols do not predict absurd scenarios
  - Land attack
    - The same source and destination address
    - E.g. in the TCP SYN packet
    - Windows XP SP2 is vulnerable to this attack
48 DNS: Domain Name System
- Translate domain names to IP addresses
- Reverse translation
  - in-addr.arpa
- Mail server location
  - smtp.ist.utl.pt
- Other name translations
49 Global Hierarchy
50 DNS: Entities
- A DNS name is comprised of several names separated by ".".
- A DNS zone is a group of IP addresses managed by a single DNS authority, usually with a different name.
- A DNS authority usually has a single registrar but may have more for performance and fault tolerance
  - 13 registrars for the root domain.
- Top-level domains
  - .com, .edu, .pt, etc.
- Each registrar has a database with Resource Records
51 Resource Records
- A: Translate names to IP addresses
- AAAA: Translate names to IPv6 addresses
- PTR: Reverse translation
- MX: Translate address to MTA (Mail Transfer Agent)
- NS: Contains the IP of the hierarchical DNS registrar.
52 Resource Records (dig)
$ dig
;; ANSWER SECTION:
Resource Record: Name TTL IN A rdata
IN A
;; AUTHORITY SECTION:
ist.utl.pt IN NS ns.utl.pt.
ist.utl.pt IN NS ns1.ist.utl.pt.
ist.utl.pt IN NS ns2.ist.utl.pt.
;; ADDITIONAL SECTION:
ns.utl.pt IN A
ns1.ist.utl.pt IN A
ns1.ist.utl.pt IN AAAA 2001:690:2100:1::53:1
ns2.ist.utl.pt IN A
Resource Record Set: Name TTL IN NS
Useful information for attackers
53 53
54 DNS: Architecture
[Diagram. Components: Manager, Zone File, Master, Slaves, Dynamic Updates, Caching Server, Resolver. Threats marked: File Corruption, Cache Poisoning, Non-authorized updates, Master Masquerading, Cache Masquerading.]
55 Kaminsky Attack (Chronology)
- Feb/2008: Dan Kaminsky reports the problem
- 8/Jul/2008: Patch for several systems
- 21/Jul/2008: Public knowledge
- 8/Aug/2008: Details at Blackhat
- 28/Aug/2008: Memorandum for the adoption of DNSSEC in .gov
56 Kaminsky (description)
- [Diagram] Id : Query: X.Y.W.Z; Id : Query: X.Y.W.Z; Id Cache
- For all 2^16 Ids: : ns: AT.TA.CK.ER
- Current solution: Random src port; requires search in a 2^32 space
More informationComputer Networks Security: intro. CS Computer Systems Security
Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication
More informationComputer Security. 11. Network Security. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 11. Network Security Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 The Internet Packet switching: store-and-forward routing across multiple
More informationThe big picture. Security. Some consequences. Three types of threat. LAN Eavesdropping. Network-based access control
The big picture Security Next two lectures about security Today: attack - All kinds of bad things attackers can do over the network Next lecture: defense - Techniques for protecting against these and other
More informationClosed book. Closed notes. No electronic device.
414-S17 (Shankar) Exam 3 PRACTICE PROBLEMS Page 1/6 Closed book. Closed notes. No electronic device. 1. Anonymity Sender k-anonymity Receiver k-anonymity Authoritative nameserver Autonomous system BGP
More informationNetwork concepts introduction & wireshark
Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people attending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity
More informationInternet Protocol and Transmission Control Protocol
Internet Protocol and Transmission Control Protocol CMSC 414 November 13, 2017 Internet Protcol Recall: 4-bit version 4-bit hdr len 8-bit type of service 16-bit total length (bytes) 8-bit TTL 16-bit identification
More informationA+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials
A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 8 Networking Essentials Objectives Learn about the protocols and standards Windows uses for networking Learn how to connect
More informationTCP Overview Revisited Computer Networking. Queuing Disciplines. Packet Drop Dimensions. Typical Internet Queuing. FIFO + Drop-tail Problems
TCP Overview Revisited TCP modern loss recovery 15-441 Computer Networking Other Transport Issues, Attacks and Security Threats, Firewalls TCP options TCP interactions TCP modeling Workload changes TCP
More informationA Look Back at Security Problems in the TCP/IP Protocol Suite Review
A Look Back at Security Problems in the TCP/IP Protocol Suite Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 26, 2011 1 Introduction to the topic and the reason
More informationTCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12
TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group
More informationCS 457 Lecture 11 More IP Networking. Fall 2011
CS 457 Lecture 11 More IP Networking Fall 2011 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationBrief Contents. Acknowledgments... xv. Introduction...xvii. Chapter 1: Packet Analysis and Network Basics Chapter 2: Tapping into the Wire...
Brief Contents Acknowledgments... xv Introduction...xvii Chapter 1: Packet Analysis and Network Basics... 1 Chapter 2: Tapping into the Wire... 17 Chapter 3: Introduction to Wireshark... 37 Chapter 4:
More informationOperational Security Capabilities for IP Network Infrastructure
Operational Security Capabilities F. Gont for IP Network Infrastructure G. Gont (opsec) UTN/FRH Internet-Draft September 1, 2008 Intended status: Informational Expires: March 5, 2009 Status of this Memo
More informationCSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University
CSCI 1800 Cybersecurity and Interna4onal Rela4ons Design and Opera-on of the Internet John E. Savage Brown University Outline Network security The link layer The network layer The transport layer Denial
More informationModule 7 Internet And Internet Protocol Suite
Module 7 Internet And Internet Protocol Suite Lesson 22 IP addressing. ICMP LESSON OBJECTIVE General The lesson will continue the discussion on IPv4 along with the idea of ICMP. Specific The focus areas
More informationCSE 127: Computer Security Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko November 28, 2017 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationSecurity. - All kinds of bad things attackers can do over the network. - Techniques for protecting against these and other attacks
Security Next two lectures about security Today: attack - All kinds of bad things attackers can do over the network Next lecture: defense - Techniques for protecting against these and other attacks Note:
More informationChapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More informationConfiguring IP Services
This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To
More informationCSE/EE 461 The Network Layer. Application Presentation Session Transport Network Data Link Physical
CSE/EE 461 The Network Layer Application Presentation Session Transport Network Data Link Physical This Lecture Focus: What to do when one wire isn t big enough? Point to point link Broadcast link (Ethernet
More informationCommunication Networks ( ) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University. Allon Wagner
Communication Networks (0368-3030) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University Allon Wagner Several slides adapted from a presentation made by Dan Touitou on behalf of Cisco.
More informationETSF10 Internet Protocols Network Layer Protocols
ETSF10 Internet Protocols Network Layer Protocols 2012, Part 2, Lecture 3.1 Kaan Bür, Jens Andersson Network Layer Protocols IPv4, IPv6 [ed.4 ch.20.3+19.2] [ed.5 ch.22.1.1-2+22.2] Transition from IPv4
More informationNetwork Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015
Network Security Introduction to networks Radboud University, The Netherlands Autumn 2015 What is a (computer) network Definition A computer network is two or more computers that are connected, so that
More informationCSC 574 Computer and Network Security. DNS Security
CSC 574 Computer and Network Security DNS Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) A primer on routing Routing Problem: How do Alice s messages
More informationNetwork Security Protocols NET 412D
Kingdome of Saudi Arabia Ministry of Higher Education Princess Nora Bint Abdul Rahman University Faculty of Computer & Information Science Networking and Communication Systems Department المملكة العربية
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationTestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified
TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationInternet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP) 1 Overview The IP (Internet Protocol) relies on several other protocols to perform necessary control and routing functions: Control functions (ICMP) Multicast signaling
More informationECE 435 Network Engineering Lecture 23
ECE 435 Network Engineering Lecture 23 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 30 November 2017 HW#11 will be posted Announcements Don t forget projects next week Presentation
More informationCSC 405 Introduction to Computer Security. Network Security
CSC 405 Introduction to Computer Security Network Security Alexandros Kapravelos akaprav@ncsu.edu (Derived from slides by Giovanni Vigna) Network Sniffing Technique at the basis of many attacks The attacker
More informationETSF05/ETSF10 Internet Protocols Network Layer Protocols
ETSF05/ETSF10 Internet Protocols Network Layer Protocols 2016 Jens Andersson Agenda Internetworking IPv4/IPv6 Framentation/Reassembly ICMPv4/ICMPv6 IPv4 to IPv6 transition VPN/Ipsec NAT (Network Address
More information