-
when you break one thing you break the whole network
Single point of failure
-
in a network, something takes over at the point of failure
Resilience/Fault tolerance
-
one computer talking to another computer
simple network
-
Clients (nodes) talk to a host, or hosts; they communicate through some communication medium
Networks
-
in a network, the application says "give me all the data"
Fat
-
network - not doing any work
thin
-
network of networks
internet
-
sits on top of the internet - http
WWW
-
a network characteristic - social loafing, flaming, avatars (pseudonymity), social risks and benefits
anonymity
-
machines do most, and sometimes all the communication
automation
-
network characteristic - we can have it - a lot of it
distance
-
network characteristic - you have no clue about where, physically, other nodes are. And you don't need to care
opaqueness
-
network characteristic - many paths, circuit vs. packet switching
routing diversity
-
in a computer - an mp3 would be broken down into many of these; it gets cut into millions of pieces, each sent along the route that is fastest, and then they get put back together
packet
-
shape and size of a network- physical vs logical - star vs ring vs bus
topology
-
A simple hub looks like a star but acts like a
bus
-
a ______ ____ network looks like a star but works like a ring
token ring
-
the internet blurs this - networks of networks
boundary
-
who owns the network vs who owns the hosts and clients - net neutrality
ownership
-
no one person made the internet and no one should get to control it
net neutrality
-
if ownership is fuzzy, so must ____ be fuzzy
control
-
fast, huge bandwidth, difficult to intercept, cannot bend much, fiber to the desktop is awesome, almost no attenuation
optical fiber
-
bounced from receiver to receiver, limited to about 30 miles, affected by rain, ducks, almost no attenuation
microwave
-
short distances (9 miles max), needs clear line of sight, typically used between peripherals and laptops, pretty much old/dead tech
infrared
-
used in geosynchronous orbit, about 22,300 miles up - footprint, propagation delay - has horrid lag
satellite
-
in a satellite - the area of dispersion
footprint
-
in a satellite - the time it takes a signal to go up and bounce back
satellite
-
agreed upon rules for how we will do something, like communicate electronically
protocol
-
All People Seem To Need Data Processing
OSI model
-
network communication - 1s and 0s
digital
-
network communication - bits are points in a wave
analog
-
modems convert between digital and ____ - MOdulator-DEModulator
analog
-
UTP or twisted pairs of copper wire - twisting reduces crosstalk between wires, high attenuation (weaker and fuzzier signals over distance) - CAT 5 cable is four pairs of twisted wire
cable - easy to intercept
-
like for cable TV - less attenuation than twisted-pair cable - used to be common in LANs until CAT 4/5
coaxial cable - easy to intercept
-
Application layer takes your input, formats it into a header and a body, and puts it in a standard e-mail format - presentation layer may compress that message, encrypt it, do some character conversions - no session layer, as e-mail is a one-way trip - transport layer will handle error detection or correction
OSI Model - E-mail Example
-
OSI Model Addressing: destination address, source address, data
Network layer adds
-
OSI Model Addressing: Together a destination address, source address, and data form a
packet
-
OSI Model Addressing: MAC addresses of sender and receiver (every network device has a MAC address permanently attached to it); all of this comprises a frame
Data Link Layer adds
-
OSI Model Addressing: defines the mechanical aspects of electronic communication - what power level is 0 and what is 1
Physical layer
-
Is a protocol stack, four layers: application, host to host transport, internet, physical
TCP/IP Model
-
connected communications session on top of IP
TCP
-
basic transport protocol
IP
-
takes variable length messages from the application layer and makes packets
Transport layer
-
moves packets in datagrams
Internet layer
-
ensures proper sequencing and retransmission of lost packets
TCP protocol
-
has sequence numbers, acknowledgement number, flags, source and destination ports
TCP packet
-
80- HTTP, 23- TELNET, 25 SMTP, 161 SNMP
Source and destination ports
-
no error checking, smaller, faster protocol, good for time-sensitive communication where some packet loss is OK, used for SNMP, time, etc.
UDP Packets
-
32-bit address in 8-bit groups (octets), URL, DNS servers translate from domain name up, your systems keep a small lookup table of recently translated URLs too
IP address
-
LAN, WAN (CAN, MAN), SAN, Intranets, Internet
Network Types
-
anonymity, many points of attack, sharing, system complexity, unknown perimeter, unknown path
Network Vulnerabilities
-
we can't see who or from where we are being attacked
anonymity
-
targets and origins, many hosts along the way
many points of attack
-
networks lead to networks
sharing
-
a computer O/S is complex; even the most simple network is doubly so, plus middleware
Network Vulnerability
-
hosts access multiple networks, creating unknown connections and security rule clashes
unknown perimeter
-
It's not as simple as A to B, you may pass through many other nodes
Unknown path
-
Challenge, Money and Espionage, Organized crime, Ideology (hacktivism, cyberterrorism)
Attacker Motives
-
tells what ports are open on what computers, Nmap is a great tool
Port Scan
-
Learn about system architecture, Learn about physical layout
Social Engineering
-
Collecting information, Eavesdropping, dumpster diving
Reconnaissance
-
Intelligence, Port Scan, Social Engineering, O/S application fingerprinting, Bulletin boards, chats, Google, Documentation
Reconnaissance
-
Eavesdrop or monitor traffic, Wiretapping, Microwave, Satellite, Optical Fiber, Wireless
Transit Threats
-
passive and active, cable - packet sniffers, Inductance
Wiretapping
-
guessing passwords, default passwords, dead accounts, eavesdropping, avoidance, nonexistent authentication, spoofing, masquerade
Impersonation
-
Cain and Abel is great for this
Eavesdropping
-
Avoid authentication entirely (overflow, find an old, bad O/S still in use)
Avoidance
-
Piggyback on a trusted authentication, use guest accounts
Nonexistent Authentication
-
Spoof IP address, MAC address, MITM attacks
Spoofing
-
Think Phishing, Register similar or mistyped URLs
Masquerade
-
Makes for fun e-mails - reply all
Misdelivery
-
messages travel through many nodes, each one is a point of attack
exposure
-
good reason to use PGP - reusing messages, reusing official GIFs
Falsification
-
Malformed packets, Protocol failures
Format Failure
-
Can crash services
Malformed packets
-
SNMP, SMTP, DNS
Protocol Failures
-
Defacement, Buffer Overflows, Dot-Dot-Slash, Application Code Errors, Server-side include, Denial of Service, SYN Flood, Teardrop, Traffic redirection, DNS attack, Distributed Denial of Service Attack (plant trojans on tons of computers)
Web Site Vulnerabilities
-
Web Site Vulnerability: IIS was and is a nightmare
Defacement
-
Web Site Vulnerability: If you let me enter a file name, I can traverse your directory structure
Dot-Dot-Slash
-
Web Site Vulnerability: altering the code shown in the URL
Application Code Errors
-
Some web pages do functions automatically, like sending an e-mail from a "contact us" page; exec is the worst possible include
Server-side include
-
Web Site Vulnerability: connection flooding - ICMP, Ping of death, Smurf attack
Denial of Service
-
I send more pings than your bandwidth can respond to, or I send a huge ping packet
Ping of Death
-
Web Site Vulnerability: Send SYN requests, but no ACK; fills up the SYN_RECV queue; uses a different spoofed address for each request
SYN flood
-
Web Site Vulnerability: send fragmented IP datagrams that cannot possibly be put back together; locks up the O/S
Teardrop
-
Web Site Vulnerability: Get a router to advertise itself as the best path to every address in the network; it gets slammed and dies
Traffic redirection
-
Can get a DNS server to point to nonexistent entries or reroute traffic maliciously
DNS attack
-
Active/Mobile Code: Not really a big threat except in aggregation
Cookies
-
Active/Mobile Code: CGI scripts, asp, php, etc.
Scripts
-
Active/Mobile Code: Java, Active X Controls
Active Code
-
Active/Mobile Code: embedded into video files, Flash, basically anything that runs in your browser
Viruses/trojans
-
Local nodes connected via
Local communication links to a
Local area network, which also has
Local data storage,
Local processes, and
Local devices
Local Network
-
Network gateway, which gives access via
Network communication links to
Network control resources,
Network routers, and
Network resources, like databases
Local Network is connected to
-
Threats: on local machine, anywhere in the network
Read communications
-
Threats: at any place in the network
Modify communications
-
Threats: at any point in the network
Forge Communications
-
Threats: Local machines, Routers in the network, Communication links, Disrupting the network
Inhibit communications
-
Threats: MITM Attack - convince the upstream device that I am you, and convince you that I am upstream
Read data
-
Threats: at any node between the sender and receiver
Modify or destroy data
-
Network Architecture: allows for separate access, keeps risks localized to one area
segmentation
-
Network Architecture: RAID arrays, servers in failover mode that check with one another periodically and take over if one doesn't respond; avoids single points of failure
Redundancy
-
Protects message in transit from host to host, no protection while on a host, works at the data link or physical layer, invisible to the user, done with hardware, requires one key per host pair
link encryption
-
encrypted at the highest OSI layers, protected at each host, user applies the encryption, hardware or software implementation, requires one key per user pair
end to end encryption
-
uses link encryption between the client and a firewall; VPN connections can have different security privileges for each user or user class
virtual private networks
-
provides an authenticated and encrypted path to the shell (the O/S command interpreter) - allows for safe management of servers over a network
SSH Encryption
-
AKA TLS - Designed by Netscape for secure communication between a web browser and a server; asymmetric encryption to pass the key, symmetric encryption for the session
SSL Encryption - Secure Sockets Layer
-
Part of the IPv6 suite (we are running out of IP addresses); implemented at the IP layer, so it affects TCP and UDP, unlike SSL
IPSec
-
Set of security parameters for a secured communication channel - selected by a security parameter index (SPI), just a pointer to a table of security associations; Authentication Header, Encapsulated Security Payload
Security Association
-
Packet sequence number is incremented by one for each packet sent to the same address using the same SPI - this precludes packet replay attacks; uses ISAKMP
Encryption - IPSec
-
A distinct key is generated for each security association - implemented through IKE
ISAKMP - Internet Security Association Key Management Protocol
-
done with a digital signature; doesn't do much for small software shops
signed code
-
used by commercial mail programs - Microsoft Exchange
S/MIME - Encrypted e-mail
-
Parity check - extra bit added to a bunch of bits: 0 if they sum to an even number, 1 if they sum to an odd number; catches only single-bit errors
Error detection
-
Your RAM may have it; for example, message digests, hashing
Error Correction Codes
-
Error detection, Error correction codes, message digests
Content Integrity
-
One time password, Password token
Strong Authentication
-
physical device that frequently generates a new, random password - user types in the password, server checks to see if it is the right one
Password token
-
Strong Authentication: like a password token, but you also input your PIN; prevents unauthorized use of the physical token device
Challenge Response System
-
Strong Authentication: for authentication between two non-human entities - server A sends a message to server B, encrypted with server B's public key - server B sends a message back to server A, encrypted with server A's public key - then either can send a password to start symmetric encryption
Digital Distributed Authentication
-
Strong Authentication: SSID, basically the network name of the access point - WEP, 64 to 128 bit encryption, easily broken
Wireless Security
-
The network name of the access point
Service Set Identifier - SSID
-
64 or 128 bit encryption - easily broken: WEPCrack, AirSnort
WEP - Wired Equivalent Privacy
-
Uses TKIP, which changes the encryption key each packet; WEP never changed the key unless the user did so at the access point and the client - weak keys still make for vulnerabilities; WPA uses stronger encryption
Wireless Security
-
Hardware or Software - Packet Filter Firewall, Stateful Inspection Firewall, Application Proxy
Firewalls
-
Solely on the basis of IP addresses and ports; cannot see inside the packet; can block what goes out and what goes in
Packet Filter Firewall
-
tracks packets, putting them together; stops attacks that hide in many small packets
Stateful Inspection Firewall
-
Runs pseudo-applications, looks inside packets, only passes on accepted requests to the real application
Application Proxy
-
like an application proxy with lots of rules
Guard
-
Intrusion detection systems - looks for patterns matching a known attack
signature based
-
Intrusion Detection Systems - looks for anomalies, odd behavior; must be trained - like a puppy
heuristic
-
Intrusion Detection Systems - runs on a single client or host
host based
-
Intrusion Detection Systems - a computer on the network whose sole function is to act as an IDS
Network Based
-
Most ___ run in stealth mode, to prevent them from being attacked
IDS
-
Current Computers use
Bits - 1 or 0
-
Quantum computers use - 1 or 0, or a statistical combination of both, stored in sub-atomic particles
qubits
-
3 bits can be in one of 2^3 states
3 qubits are in ___ states at once
all
-
the property that 3 qubits are in all states at once allows for
massive parallelism
-
can theoretically perform trillions of operations per second - today's computers run billions
a quantum computer
-
MIT and Los Alamos create a stable qubit
1998
-
Los Alamos makes a 7 qubit quantum computer in a single drop of liquid & IBM makes a 5-qubit computer
-
-
IBM and Stanford make a 7-qubit computer that finds the factors of 15
-
-
University of Innsbruck makes a qubyte - a series of 8 qubits
-
-
Waterloo and Massachusetts scientists make a 12-qubit computer
2006
-
Photons can be polarized in one of three bases - rectilinear basis of vertical (0 degrees) and horizontal (90 degrees) - diagonal basis of 45 degrees and 135 degrees - circular basis of left- and right-handedness
Quantum Cryptography
-
Los Alamos/NIST get it to work over 148.7 km of optical cable - European scientists have achieved the same distance in open air
March 2007
-
has an active 10 node quantum crypto network running
since 2004
-
is not currently hackable, though social engineering rules still apply
Quantum computing