1. TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik

2. Application Layer Protocols Messaging Protocols SMTP, POP, MIME, IMAP, IM Telephony H.323, SIP (used with VoIP) RPC Based Protocols NIS, NFS, Andrew File Transfer Protocols TFTP, FTP, SMB Remote Login Telnet, rlogin, Ssh, Information Services Finger, whois, LDAP, WWW,NNTP Proprietary Protocols RealAudio, SQL’Net, VNC

3. SMTP Biggest problem is figuring out who a piece of mail is really from Must use a higher level mechanism for trust or privacy Most SMTP clients use sendmail which has been a constant source of security problems for years

4. MIME MIME headers could be hand crafted by hacker to overwrite data MIME fragmentation could subvert virus checkers ability to detevt embedded virus’ Mailing of executable programs

5. POP Pretty insecure Passwords not secure, sent as clear text Exchanges are done as clear text Can be done over SSL/TLS Some UNIX systems POP runs as root until user is authenticated and then switches to that userid, never good to have servers running as root (many sysadmins set up to run servers as nobody)

6. IMAP Authentication is better than in POP but still not great (shared secret) Complex protocol, leaves many possibilities for hackers to try to subvert the protocol Not as popular as POP Used more on intranets than the internet

7. IM Very popular on the Internet but very dangerous on intranets connected to the internet due to employees inadvertently leaking private data onto the public media. Use commercial systems if needed on an intranet, possibly with encryption

8. RPC & Rpcbind Developed by Sun Microsystems Popular way of implementing distributed computing Authentication is weak, some versions used Kerberos based some use DES based shared session keys Rpcbind will advertise all registered services and allow them to be unregistered (by a wiley hacker) Rpcbind calls can be indirectly forwarded making verification of source hard to determine

9. NIS (Network Information Service) Used to distribute certain databases –Password files –Hosts file –Public and private key databases Never run NIS on exposed (to the internet) machines Configuration is very important.

10. NFS (Network File System) RPC and UDP based Pools unused storage on distributed machines into a virtual hard disk (rpcbind provides addressing information) Port 2049 (normally) Same problems as other RPC based systems

11. AFS (Andrew File System) Developed by Carnagie-Mellon, takenover by IBM Same goal as NFS, global disk pooling for an organization Kerberos based authentication More secure than NFS (but is a product and must be purchased ($))

12. TFTP (Trivial FTP) Simple UDP based protocol No authentication Used to update flash memories in many appliance type devices and mother boards Also used in booting routers, diskless workstations and X11 terminals Should only be run locally, never expose to internet as a fast version of FTP

13. FTP Command channel uses telnet, so same problems as telnet Port command often used as a source of attacks Anonymous FTP is very common, make sure that files owned or writeable by the FTP login are in the anonymous area Avoid any system type files in the anonymous area Place FTP servers supporting anonymous areas in your protected DMZ don’t expose internal FTP servers to the Internet Better to use SSH based file transfer programs

14. Telnet Though commonly used better to have users use Ssh –Most UNIX/Linux machines have SSH built in to the OS distribution, no reason not to use Use telnet on intranet not on Internet

15. SSH Designed to replace rlogin, rdist, rsh, rcp Custom designed protocol but includes encryption –IETF currently working on standardization Can safely tunnel X11 or arbitrary TCP ports Commercial and Open versions –OpenSSH on most Linux –Putty is a free windows client –Can tunnel other protocols through a firewall