Chapters 9 and 8: Samba/SMB, Network Security. Professor Rick Han, University of Colorado at Boulder


Prof. Rick Han, University of Colorado at Boulder

Announcements
- HW #5 a possibility
- Programming Assignment #3 due May 2
- Lecture slides from last week online after class
- In Chapter 8, read all sections.
- Next: Samba/SMB, Network Security

Recap of Previous Lecture
- An example caching policy for an HTTP proxy
  - Conditional GET with If-Modified-Since header
  - Proxy returns the page from its cache only if that page is not expired and its Last-Modified is more recent than the If-Modified-Since date
  - Otherwise, the proxy forwards the conditional GET to the server, which replies with either the new page or Status 304 "Not Modified"
- Network Address Translation (NAT)
  - Outbound: substitute the NAT's IP address and TCP port for the packet's source IP and source TCP port
  - Inbound: substitute the NAT's IP addr and TCP port for the packet's dest IP and dest TCP port

Recap of Previous Lecture (2)
- NAT
  - Static NATs map an inbound packet's dest IP and dest TCP port to an internal host's fixed IP addr and TCP port
    - Enables a Web server behind a NAT to serve Web pages to external hosts
    - Adds security risk
  - Dynamic NATs provide a firewall masquerading capability
    - In the absence of fixed mappings, external hosts can't make an inbound connection to any internal host
    - Internal hosts can still make outbound TCP connections

Samba/SMB
- Server Message Block (SMB) Protocol
  - File sharing protocol that ships with Microsoft OSs
  - Basis for Network Neighborhood
  - Application-layer protocol over TCP/UDP/IP
- Open-source SAMBA server suite enables other OSs such as Linux to speak SMB
  - Enables an MS client to access files on a UNIX server – very useful!

Samba/SMB (2)
- For historical reasons, SMB first ran across the NETBIOS API, which then ran across various network protocols, e.g. TCP/UDP, IPX, SNA, DECnet, etc.
- SMB packets can be framed in NETBIOS packets, which are encapsulated by TCP/UDP
- NETBIOS over TCP/UDP is called NBT
[Figure: protocol stack, top to bottom: SMB; NETBIOS; TCP/UDP, IPX, SNA or ...]

Samba/SMB (3)
- Newer version of SMB: Windows 2000 now runs SMB natively on top of TCP/UDP
  - No NETBIOS framing
  - Renamed to Common Internet File System (CIFS)
  - CIFS actually refers to an entire suite of protocols: file/printer sharing, service announcement, naming, authentication, authorization
  - Supports older versions of SMB too, to maintain compatibility
[Figure: protocol stack, top to bottom: SMB (Windows 2000); TCP/UDP]

Samba/SMB (4)
- NBT creates an abstraction: a virtual LAN, even if the actual nodes are distributed over a wide area
- NBT provides 3 services over a virtual LAN
  - Naming Service
  - Datagram Distribution Service
  - Session Service
- NBT Naming Service
  - Broadcast: "where's anchor?" "Here I am"
  - Point-to-point: required to bridge subnets, because broadcasts are typically confined to a subnet
    - A NETBIOS Name Server (NBNS) provides name-to-IP mappings for a NETBIOS virtual LAN
    - Also called WINS in MS terminology

Samba/SMB (5)
- NBT Naming Service (cont.)
  - Runs on UDP port 137: NETBIOS naming queries are encapsulated in UDP, then IP
- NBT Datagram Service
  - Runs over UDP port 138
  - Point-to-point and multicast are straightforward within a LAN
  - Multicast across IP subnets requires a bridging agent: a NETBIOS Datagram Distribution Server (NBDD)
    - Multicast datagrams are sent to the NBDD, which gets the list of hosts in the multicast group from the NBNS, then sends point-to-point to each host
  - WINS messed up its implementation of NBDD (as of May 2001) – some group members won't receive multicast

Samba/SMB (6)
- NBT Session Service
  - Runs over TCP port 139
  - Implements file sharing
  - Simple sequence of events:
    1. Source X gives the NETBIOS name of destination Y to the NBT Name Service and gets back the IP address of Y
    2. Source X establishes a TCP connection with Y
    3. Source X sends a NETBIOS SESSION SERVICE REQUEST to Y. Y accepts the request.
    4. X and Y exchange files via SMB.
  - SMB packets consist of "0xFF" then the letters "SMB", followed by a command and data
  - Commands are patterned after DOS I/O commands, and include OPEN, CLOSE, DELETE, etc.
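As an added example (not from the lecture), the framing just described can be checked on a port-139 payload: strip the NBT session header, confirm the 0xFF "SMB" signature and read the command byte, which is the kind of check a network monitor makes before trusting a packet as SMB. The NBT type codes and the SMB1 command byte values are assumed from the standard specifications, not from the slide; the sample payloads are constructed.

```python
import struct

# NBT session-service packet types from RFC 1002 (assumed values; the slide only
# names the SESSION SERVICE REQUEST step) and the SMB signature from the slide.
NBT_SESSION_MESSAGE = 0x00
NBT_SESSION_REQUEST = 0x81
NBT_POSITIVE_SESSION_RESPONSE = 0x82
SMB_MAGIC = b"\xffSMB"

# SMB1 command bytes for the DOS-style commands the slide names, plus NEGOTIATE
# (the dialect-negotiation phase the next slide describes).
SMB_COMMANDS = {0x02: "OPEN", 0x04: "CLOSE", 0x06: "DELETE", 0x72: "NEGOTIATE"}


def classify_port139_payload(data: bytes) -> dict:
    """Strip the 4-byte NBT session header and report what it carries.

    For NBT session messages the SMB command byte after 0xFF 'SMB' is decoded;
    truncated or non-SMB payloads raise ValueError so a monitor can flag them.
    """
    if len(data) < 4:
        raise ValueError("truncated NBT session header")
    nbt_type, flags, length = struct.unpack("!BBH", data[:4])
    length |= (flags & 0x01) << 16          # RFC 1002: flag bit 0 extends length
    body = data[4:4 + length]
    if len(body) != length:
        raise ValueError("NBT length field exceeds captured payload")
    info = {"nbt_type": nbt_type, "length": length,
            "smb_command": None, "command_name": None}
    if nbt_type != NBT_SESSION_MESSAGE:
        return info                          # session control packets carry no SMB
    if len(body) < 5 or not body.startswith(SMB_MAGIC):
        raise ValueError("session message does not start with 0xFF 'SMB'")
    info["smb_command"] = body[4]
    info["command_name"] = SMB_COMMANDS.get(body[4], "UNKNOWN(0x%02x)" % body[4])
    return info


# Constructed sample payloads, not captured traffic: a NETBIOS SESSION SERVICE
# REQUEST with an empty body, and an SMB NEGOTIATE message with a 28-byte dummy body.
SAMPLE_SESSION_REQUEST = bytes([NBT_SESSION_REQUEST, 0x00, 0x00, 0x00])
SAMPLE_SMB_NEGOTIATE = (bytes([NBT_SESSION_MESSAGE, 0x00, 0x00, 0x21])
                        + SMB_MAGIC + bytes([0x72]) + b"\x00" * 28)

if __name__ == "__main__":
    print(classify_port139_payload(SAMPLE_SESSION_REQUEST))
    print(classify_port139_payload(SAMPLE_SMB_NEGOTIATE))
```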

Samba/SMB (7)
- SMB
  - Several dialects of SMB, so there is always a negotiation phase to make sure the SMB client speaks the same dialect as the SMB server
- Network Neighborhood is supported by a "Browsing" Service
  - Browsing is organized in terms of IP subnets and Workgroups. A "Workgroup" is a set of NBT nodes on an IP subnet that share the same Workgroup name.
  - On each subnet, the Workgroup members hold an "election," which involves sending group datagrams via the NBT Datagram Service.
  - A Domain Master Browser enables browsing across subnets

Samba/SMB (8)
- CIFS
  - Removes NETBIOS/NBT
  - Also replaces NETBIOS services with standards-based services
    - Example: NBNS is replaced with Dynamic DNS
- SAMBA
  - Racing to stay compatible with the latest MS twist on CIFS, e.g. Windows 2000
  - See for more info

Network Security
- Classic properties of secure systems:
  - Confidentiality
    - Encrypt the message so only the sender and receiver can understand it.
  - Authentication
    - Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?
  - Authorization
    - Does a party with a verified identity have permission to access (r/w/x/...) information? Gets into access control policies.

Network Security (2)
- Classic properties of secure systems (cont.):
  - Integrity
    - During a communication, can both sender and receiver detect whether a message has been altered?
  - Non-Repudiation
    - The originator of a communication can't later deny that the communication took place
  - Availability
    - Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.

Cryptography
- An encryption algorithm is also called a cipher
- Cryptography has evolved so that modern encryption and decryption use secret keys
  - Only have to protect the keys! => Key distribution problem
  - Cryptographic algorithms can be openly published
[Figure: plaintext -> Encryption (key K_A) -> ciphertext -> Decryption (key K_B) -> plaintext]

Cryptography (2)
- Cryptography throughout history:
  - Julius Caesar cipher: replaced each character by a character cyclically shifted to the left.
    - Weakness? Easy to attack by looking at the frequency of characters
  - Mary Queen of Scots: put to death for treason after Queen Elizabeth I's spymaster cracked her encryption code
  - WWII: Allies break the German Enigma code and the Japanese naval code
[Figure: Enigma code machine]

Cryptography (3)
- Cryptanalysis – types of attacks:
  - Brute force: try every key
  - Ciphertext-only attack: the attacker knows the ciphertext of several messages encrypted with the same key (but doesn't know the plaintext). Possible to recover the plaintext (also possible to deduce the key) by looking at the frequency of ciphertext letters
  - Known-plaintext attack: the attacker observes pairs of plaintext/ciphertext encrypted with the same key. Possible to deduce the key and/or devise an algorithm to decrypt ciphertext.

Cryptography (4)
- Cryptanalysis – types of attacks (cont.):
  - Chosen-plaintext attack: the attacker can choose the plaintext and look at the paired ciphertext. The attacker has more control than in a known-plaintext attack and may be able to gain more info about the key
  - Adaptive chosen-plaintext attack: the attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous encryption
  - Differential cryptanalysis – a very powerful attacking tool
    - But DES is resistant to it
- Cryptanalysis attacks often exploit the redundancy of natural language
  - Lossless compression before encryption removes redundancy
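The Caesar-cipher weakness from the history slide and the ciphertext-only attack from the cryptanalysis slides come together in one added example (not from the lecture): a shift cipher and a frequency-based attack that recovers the shift from ciphertext alone by scoring each candidate against English letter frequencies. The English frequency table and the sample sentence are assumptions of the example; the redundancy of natural language is exactly what the scoring exploits.

```python
from collections import Counter
import string

# Relative frequency of letters in English text (percent); a standard table whose
# exact figures are an assumption of this example, not from the lecture.
ENGLISH_FREQ = {
    'a': 8.2, 'b': 1.5, 'c': 2.8, 'd': 4.3, 'e': 12.7, 'f': 2.2, 'g': 2.0,
    'h': 6.1, 'i': 7.0, 'j': 0.15, 'k': 0.77, 'l': 4.0, 'm': 2.4, 'n': 6.7,
    'o': 7.5, 'p': 1.9, 'q': 0.095, 'r': 6.0, 's': 6.3, 't': 9.1, 'u': 2.8,
    'v': 0.98, 'w': 2.4, 'x': 0.15, 'y': 2.0, 'z': 0.074,
}
ALPHABET = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter cyclically by `shift` positions (negative = to the left)."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = 'A' if ch.isupper() else 'a'
            out.append(chr((ord(ch) - ord(base) + shift) % 26 + ord(base)))
        else:
            out.append(ch)
    return ''.join(out)


def chi_squared(text: str) -> float:
    """Distance of the letter histogram of `text` from English; lower is closer."""
    letters = [c for c in text.lower() if c in ALPHABET]
    n = len(letters)
    if n == 0:
        return float('inf')
    counts = Counter(letters)
    return sum((counts[c] - ENGLISH_FREQ[c] * n / 100) ** 2 / (ENGLISH_FREQ[c] * n / 100)
               for c in ALPHABET)


def break_caesar(ciphertext: str) -> int:
    """Ciphertext-only attack: return the decryption shift whose output looks most like English."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, s)))


# Constructed sample: encrypted with a left shift of 3, as on the Caesar slide; the
# attacker sees only SAMPLE_CIPHERTEXT.
SAMPLE_PLAINTEXT = ("this message was encrypted with a simple caesar cipher and the "
                    "letter frequencies of english text give the shift away")
SAMPLE_CIPHERTEXT = caesar(SAMPLE_PLAINTEXT, -3)

if __name__ == "__main__":
    s = break_caesar(SAMPLE_CIPHERTEXT)
    print("decryption shift:", s, "->", caesar(SAMPLE_CIPHERTEXT, s))
```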

Cryptography (5)
- Symmetric or Secret-Key Cryptography
  - Both sender and receiver keys are the same: K_A = K_B
  - Data Encryption Standard (DES)
    - Encodes plaintext in 64-bit chunks using a 64-bit key (56 bits + 8 bits parity)
    - Uses permutation or transposition of characters: abcd -> dbac
    - Was cracked in 1997
  - Triple-DES: put the output of DES back as input into DES again, loop again

Cryptography (6)
- Public-Key Cryptography
  - A host that wants data sent to it advertises a public encryption key K_public
  - The decryption algorithm has the property that only a private key K_private can decrypt the ciphertext
  - Based on the difficulty of factoring the product of two prime #'s
  - Even though the attacker knows the public key K_public and the encryption algorithm, the attacker still does not know the private key K_private
  - Example: RSA encryption algorithm
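As an added example (not from the lecture), a textbook-sized RSA key pair shows the property the slide states: anyone can encrypt with K_public, only K_private decrypts, and recovering K_private from K_public amounts to factoring n. The primes 61 and 53 and exponent 17 are constructed for illustration; the trial-division factoring succeeds here only because n is tiny, which is why real keys use primes hundreds of digits long.

```python
from math import gcd


def generate_toy_rsa(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two caller-supplied primes.

    Returns ((n, e), (n, d)): the public key K_public and private key K_private.
    """
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n, known only with p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m: int) -> int:
    """Anyone holding K_public can encrypt an integer message m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    """Only the holder of K_private (the exponent d) recovers m."""
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """What an attacker who knows only K_public must do: split n into p and q.

    Feasible for the constructed toy modulus below; infeasible for real key sizes.
    """
    for candidate in range(2, int(n ** 0.5) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    return None


# Constructed example primes (far too small for real use): n = 3233, phi = 3120.
P, Q = 61, 53
PUBLIC_KEY, PRIVATE_KEY = generate_toy_rsa(P, Q, e=17)

if __name__ == "__main__":
    c = rsa_encrypt(PUBLIC_KEY, 65)
    print("ciphertext:", c, "decrypts to", rsa_decrypt(PRIVATE_KEY, c))
    print("attacker factors n:", factor_by_trial_division(PUBLIC_KEY[0]))
```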