
1 TCP/IP and Internet Security CSEM02 University of Sunderland Harry R. Erwin, PhD

2 Resources
Garfinkel and Spafford, 1996, Practical UNIX and Internet Security, O’Reilly, ISBN 1-56592-148-8
B. Schneier, 2000, Secrets and Lies, Wiley, ISBN 0-471-25311-1
Daniel J. Barrett and Richard E. Silverman, 2001, SSH, the Secure Shell, O’Reilly, ISBN 0-596-00011-1
Eric Rescorla, 2001, SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, ISBN 0-201-61598-3

3 TCP/IP The most widely used packet- and message-level protocol suite. Runs over LANs, WANs and other link-layer technologies. We will discuss IPv4. There will be some overlap with lecture 6b.

4 Internet Addresses Dotted quad: four 8-bit integers written in decimal and separated by periods (32 bits in all). Globally unique in principle, except that a local LAN behind a gateway may present only one address to the outside. The original address classes (A, B, C) handed out address space in a few fixed block sizes, so much of it went unused; Classless Inter-Domain Routing (CIDR) was introduced to allocate blocks of arbitrary size.

5 Routing Routing is transparent to the endpoints. Local hosts send packets for other networks to their gateway. The gateway is a router and handles forwarding from that point. The architecture routes around outages and failures. Transparency cuts both ways: a host cannot tell which routers handled its packets, or who could read them on the way.

6 Hostnames The name of the computer (not its address). The mapping between hostnames and IP addresses may be many-to-many. Hostnames begin with a letter or digit and may contain letters, digits and hyphens. Case is ignored. Two parts: machine name and domain; the first period is the separator.

7 Packets and Protocols
ICMP—for control
TCP—for connection-oriented service
UDP—for connectionless service
IGMP—for multicasting control

8 ICMP In-band control of internet operations. Examples:
–Echo request and echo reply
–Destination unreachable
–Source quench
–Redirect
–Etc.
Because ICMP is in-band and unauthenticated, messages such as redirect and source quench can be forged by anyone who can reach the host; most systems now ignore or rate-limit them.

9 TCP Reliable, ordered, connection-oriented service. Connects 16-bit ports at 32-bit IP addresses. The SYN and ACK bits in the segment header negotiate new connections:
–SYN set to request the connection
–SYN and ACK set to accept the request
–ACK set to confirm the connection
–This is the three-way handshake
Because a listening port answers a SYN with SYN/ACK while a closed port answers with RST, unfriendly outsiders can detect which ports are being listened to (port scanning).
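The port-detection point above, as an added example that is not part of the lecture: a full-connect scanner that completes the three-way handshake against each port and classifies it by how the stack replied. A half-open (SYN-only) scan needs raw sockets and privileges, so this example uses connect(), which gives the same open/closed distinction. The listener it scans is a constructed test service on loopback; the host, ports and function names are assumptions for the example.

```python
import socket

def start_listener() -> tuple[socket.socket, int]:
    """Constructed test service: listen on an ephemeral loopback port.
    The kernel completes the handshake for us even before accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Full-connect probe.
    'open'     : SYN -> SYN/ACK -> ACK completed (someone is listening)
    'closed'   : the peer answered the SYN with RST (ECONNREFUSED)
    'filtered' : no answer at all, typically a firewall dropping the SYN
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        s.close()

def scan(host: str, ports) -> dict:
    """Probe each port and return {port: state}."""
    return {p: probe(host, p) for p in ports}

if __name__ == "__main__":
    srv, open_port = start_listener()
    # Pick a port that is almost certainly closed: bind, read it, release it.
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    for port, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} {state}")
    srv.close()
```

The same three states are what a scanner such as nmap reports; the defensive lesson is that a host cannot hide a listening port from anyone who can send it a SYN, so unneeded services should not listen on external interfaces at all.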

10 UDP Unreliable, connectionless service. Lower overhead than TCP (no handshake, acknowledgements, retransmission or ordering), so it is cheaper for small request/reply exchanges; the absence of a handshake also means the source address of a datagram is trivially spoofable. Common UDP services:
53—dns
69—tftp
111—sunrpc
137—netbios name service (Windows)
161—snmp

11 Clients and Services Clients initiate connections to servers. Sometimes this is logically backwards, as in the X Window System, where the client is the application sending the display information and the server is the machine with the display requesting it. Daemons are servers that wait for user requests.

12 Name Service The conversion from a name to an address is handled by a domain name server (DNS). Queries go over UDP, so a workstation may have to resend a request that is lost, and it must check that a reply matches the query it sent (same transaction ID and same question), because an unchecked reply can be forged. In UNIX systems, DNS is usually handled by BIND. Alternatives:
–NIS
–NetInfo
–DCE
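The query/reply exchange described above, as an added example that is not part of the lecture and not BIND's code: a minimal builder and validating parser for DNS A-record messages over UDP, with the resend-on-loss behaviour and the transaction-ID/question checks a resolver must make. The reply bytes are constructed by a helper standing in for the server, and the transport is an injectable function so the example runs offline; the names and addresses used are assumptions.

```python
import random
import struct

QTYPE_A = 1
QCLASS_IN = 1

def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (DNS labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid: int, name: str) -> bytes:
    """Standard recursive query: 12-byte header, one question, no records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 10:
                raise ValueError("pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_response(msg: bytes, txid: int, qname: str) -> list:
    """Return the A records, rejecting any reply that is not for our query."""
    try:
        if len(msg) < 12:
            raise ValueError("truncated header")
        rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if rid != txid:
            raise ValueError("transaction id mismatch (stale or spoofed reply)")
        if not flags & 0x8000:
            raise ValueError("not a response")
        if flags & 0x000F:
            raise ValueError("server rcode %d" % (flags & 0xF))
        if qd != 1:
            raise ValueError("unexpected question count")
        name, off = read_name(msg, 12)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        if (name.lower(), qtype, qclass) != (qname.lower().rstrip("."), QTYPE_A, QCLASS_IN):
            raise ValueError("reply answers a different question")
        addrs = []
        for _ in range(an):
            rname, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            off += rdlen
            if (rtype, rclass, rdlen) == (QTYPE_A, QCLASS_IN, 4) and rname.lower() == name.lower():
                addrs.append(".".join(str(b) for b in rdata))
        return addrs
    except (IndexError, struct.error) as e:
        raise ValueError(f"malformed message: {e}")

def resolve(name: str, send, tries: int = 3) -> list:
    """UDP is unreliable: resend on timeout, with a fresh random id each time.
    `send(query) -> reply bytes or None on timeout` is the injected transport."""
    last = None
    for _ in range(tries):
        txid = random.randrange(0, 65536)
        reply = send(build_query(txid, name))
        if reply is None:
            continue
        try:
            return parse_response(reply, txid, name)
        except ValueError as e:
            last = e
    raise RuntimeError(f"no valid answer after {tries} tries: {last}")

def make_reply(query: bytes, ip: str) -> bytes:
    """Constructed stand-in for the server: echo id and question, add one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    return header + query[12:] + answer + bytes(int(x) for x in ip.split("."))
```

The ID check is the only thing separating a genuine reply from a forged one sent by anybody who can guess when the query went out, which is why a 16-bit ID alone was later judged insufficient and resolvers also randomise the source port; the question check stops a reply for one name from being accepted as the answer for another.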

13 TCP Services
21—ftp
23—telnet
25—smtp
42—nameserver
43—whois
79—finger
80—http
109, 110—pop
113—auth
119—nntp

14 TCP/IP Security Risks include:
–Sniffers (reading unencrypted traffic on a shared link or at a router)
–IP spoofing (forging the source address of a packet)
–Connection hijacking (taking over an established TCP session, e.g. by predicting sequence numbers)
–Data spoofing (altering or inserting data in transit)

15 Causes of Weak Internet Security Underestimation of the hostility of the internet environment Overriding importance of message/packet transfer Evolution

16 Alternatives
Encrypt the link
Protect the link
Encrypt the packets
Encrypt the message
Encrypt the session
Peter Dunne has discussed this.

17 Limitations of Encryption
Does not by itself protect against deletion of messages.
Trapdoors may exist in the encryption program.
Data can be accessed wherever it is not encrypted, in particular at the endpoints.
Encryption can be broken.
Keys can be weak.

18 The Problem IPv4 is insecure. Most TCP/IP services are unencrypted. This allows anyone on the path to monitor and reconstruct connection traffic on the internet. Requirements for the following can be identified:
–Encrypted connections between parties known to each other.
–Third-party authentication and encrypted connection establishment when parties are not known to each other.

19 Solutions SSH to support encrypted sessions SSL to provide trusted third-party authentication and to support encrypted sessions.

20 SSH “Secure shell”. Transparent encryption. Modern, secure encryption algorithms. Reliable, fast and effective. Client/server interaction. Eliminates .rhosts and hosts.equiv.

21 Services Provided Replaces:
–rsh and telnet with ssh
–rlogin with slogin
–rcp with scp
–ftp with sftp
Protocols
–ssh-1
–ssh-2

22 SSH1 Authentication Mechanisms
1. Kerberos
2. Rhosts (trusted host authentication, insecure)
3. RhostsRSA (trusted host authentication, insecure)
4. Public-key (RSA)
5. TIS
6. Password (various flavors, relatively insecure)

23 SSH2 Authentication Mechanisms
1. Public-key (DSA, RSA, OpenPGP)
2. Hostbased
3. Password

24 Ciphers
SSH1
–3DES, IDEA, ARCFOUR (alleged RC4), DES
SSH2
–3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR
The SSH-1 protocol is obsolete and modern servers disable it entirely; of the ciphers listed, DES, ARCFOUR and 3DES are no longer considered adequate and should not be enabled.

25 Port Forwarding SSH can forward or tunnel ports, allowing you to run insecure services securely.
ssh -L 3002:localhost:119 news.yoyo.com
This listens on port 3002 on the local machine. A connection to it is carried inside the SSH session to news.yoyo.com, where sshd connects to port 119 (NNTP) on localhost, that is, on news.yoyo.com itself. Only the hop between the two SSH endpoints is protected; anything beyond the remote end is in the clear.

26 A Simple Example
ssh -l harry harry.sunderland.ac.uk
This logs me in as harry on harry.sunderland.ac.uk. Another way of doing the same thing is
ssh harry@harry.sunderland.ac.uk

27 Using scp
scp harry@harry.sunderland.ac.uk:myfile afile
This transfers myfile from my home directory on harry.sunderland.ac.uk to afile locally. You can also use sftp similarly to ftp.

28 Threats Countered by SSH
Eavesdropping
DNS and IP spoofing
Connection hijacking
Man-in-the-middle attacks
Insertion attacks
Spoofing and man-in-the-middle are countered only if the client verifies the server's host key. On first contact the key is accepted on trust, so check its fingerprint out of band, and treat a later “host key has changed” warning as an attack until proven otherwise.

29 SSL Secure Sockets Layer. An authentication and encryption protocol that provides security services on top of TCP through a socket-style API. Relies on certificates issued by a trusted third party. Invented by Netscape. Being replaced by TLS (Transport Layer Security).

30 Services Provided Secure versions of:
http
pop
imap
smtp
ftp
rmi
corba iiop
telnet
ldap

31 SSL Functions Confidential transmission Message integrity Endpoint authentication

32 How It Works An understanding of how SSL works is necessary to use it safely. Uses public key cryptography. Trusted third parties (Certificate Authorities) sign the certificates that bind a public key to a name. The client must check both that the certificate chains to a CA it trusts and that the name in the certificate is the name of the server it meant to reach; skip either check and the connection is encrypted but not authenticated, so a man-in-the-middle can present any certificate. Supports many encryption algorithms.
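What “using it safely” means in client code, as an added example that is not part of the lecture: the two checks above expressed with Python's ssl module, a deliberately weak context beside the hardened one, and an explicit dNSName matcher that shows what the hostname check does (including the wildcard rule). The certificate dictionary in the test is constructed; the function names are assumptions for the example, and the connect helper is for the reader, since it needs a live server.

```python
import socket
import ssl

def hardened_context() -> ssl.SSLContext:
    """Authenticate the server: chain to a trusted CA, name must match,
    and refuse legacy protocol versions."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def weak_context() -> ssl.SSLContext:
    """The common mistake: encryption without authentication. Anyone with
    any key pair can sit in the middle and present a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def describe(ctx: ssl.SSLContext) -> dict:
    """The settings that decide whether the peer is authenticated at all."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version,
    }

def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one certificate dNSName with the server
    name: case-insensitive, and '*' only as the whole left-most label of a
    name with at least three labels (so '*.com' matches nothing)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def peer_name_ok(cert: dict, hostname: str) -> bool:
    """Accept the peer only if some subjectAltName dNSName matches the
    name we intended to reach. `cert` has the shape of getpeercert()."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(hostname_matches(n, hostname) for n in names)

def connect(host: str, port: int = 443) -> dict:
    """Open an authenticated TLS connection and return the verified peer cert.
    Needs network access; with hardened_context() the handshake itself fails
    on an untrusted chain or a name mismatch."""
    ctx = hardened_context()
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
```

With `check_hostname` set, the library performs the dNSName comparison itself and `hostname_matches` only makes the rule visible; the point of `weak_context` is that it produces a handshake which succeeds against every server, genuine or not, and is therefore worth no more than plaintext against an active attacker.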

33 SSL-Enabled UNIX Clients curl, ethereal, ettercap, lynx, stunnel, gabber, links, mutt, xchat, bitchx, lftp, neon, openldap, openslp, pine, various database managers.

