Module 02 - Network Protocols

Published on June 2016

Network Security Administrator

Module II: Network Protocols

Module Objectives

• Overview of Network Protocols
• Serial Line Internet Protocol
• Point-to-Point Protocol
• Internet Protocol
• Address Resolution Protocol
• Reverse Address Resolution Protocol
• Internet Group Management Protocol
• Internet Control Message Protocol
• Transmission Control Protocol
• User Datagram Protocol
• File Transfer Protocol
• Trivial File Transfer Protocol
• Telnet Protocol
• Simple Mail Transfer Protocol
• Network News Transfer Protocol
• Simple Network Management Protocol
• Hyper Text Transfer Protocol
• POP, IPV6

EC-Council

Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited

Module Flow

• Network Protocol: Overview
• Serial Line Internet Protocol
• Point-to-Point Protocol
• Internet Protocol
• Address Resolution Protocol
• Reverse Address Resolution Protocol
• Internet Group Management Protocol
• Internet Control Message Protocol
• Transmission Control Protocol
• User Datagram Protocol
• File Transfer Protocol
• Trivial File Transfer Protocol
• Telnet Protocol
• Simple Mail Transfer Protocol
• Network News Transfer Protocol
• Simple Network Management Protocol
• Hyper Text Transfer Protocol

Network Protocols: Overview


Serial Line Internet Protocol

• Introduced in 1980 and functions in the data link layer
• Offered a way to send IP datagrams over serial connections
• Provides dial-up access to Internet and LANs
• Preferred way for encapsulating IP packets due to less overhead
• Appends a “SLIP END” character to each datagram to distinguish one datagram from the next

Limitations:
• No method for detection or correction of errors in transmission
• Doesn’t support encryption of data or authentication of connection
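The END-character framing and the missing error detection described on this slide can be seen in a small encoder and decoder. This is an added example, not part of the original slides; it uses the byte values defined in RFC 1055, and the payloads are constructed samples rather than real IP datagrams.

```python
# RFC 1055 special byte values.
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    """Frame one datagram: escape END/ESC in the payload, then append END."""
    out = bytearray([END])  # leading END flushes any line noise already received
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> list[bytes]:
    """Split a received byte stream into datagrams."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            # ESC_END and ESC_ESC map back to END and ESC; any other byte
            # after ESC is a protocol violation and is stored unchanged.
            cur.append({ESC_END: END, ESC_ESC: ESC}.get(b, b))
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if cur:  # back-to-back END bytes produce no empty frame
                frames.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return frames


def demo():
    """Return (frames decoded from a clean line, frames decoded after a bit flip)."""
    first = bytes([0x45, 0x00, END, 0x01, ESC, 0x02])  # constructed payload
    second = b"second datagram"                        # constructed payload
    wire = slip_encode(first) + slip_encode(second)
    clean = slip_decode(wire)
    # Flip one bit in transit. SLIP carries no checksum, so the receiver
    # still decodes two frames and cannot tell that the first is damaged.
    damaged = bytearray(wire)
    damaged[1] ^= 0x01
    return clean, slip_decode(bytes(damaged))
```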

Point-to-Point Protocol

• Introduced in 1994 and functions in the data link layer
• Creates the session between the user system and the ISP for transferring IP packets over a serial link
• Encapsulates packets in HDLC based frames
• Broad framing mechanism as compared to the single END character in SLIP
• Supports encryption of data and authentication of connection

Internet Protocol

• Introduced in 1970 and functions in the network layer
• Data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork

Features:
• Provides universally defined addresses
• Allows transmission that is independent of any lower level protocol
• Connectionless and unreliable protocol
• Doesn’t use acknowledgement after delivery

Internet Protocol: Attacks and Countermeasures

Attacks:
• Source Routing – An attacker can pick any source IP address desired if weak source routing is present
• Routing Information Protocol Attacks – Used to propagate routing information on local networks, so it is easy for an attacker to route an active host
• Exterior Gateway Protocol Attacks – Easy for the attacker to impersonate a second exterior gateway for the same autonomous system

Countermeasures:
• Reject pre-authorized connections if source routing information was present
• Use a paranoid gateway that can block any form of host spoofing
• Authenticate RIP packets in the absence of economical public-key signature schemes

Address Resolution Protocol

• Introduced in 1982 and functions in the network layer
• Dynamic resolution protocol, used for finding a host's Ethernet address from its IP address
• Encodes the IP address of the recipient in a broadcast message
• For correlation of addresses, two basic methods used are:
  – Direct Mapping – Converts layer three addresses to layer two addresses
  – Dynamic Resolution – Resolves layer three addresses into layer two addresses when only the layer three address is known

Address Resolution Protocol: Vulnerabilities and Security Measures

Vulnerabilities:
• Absence of authentication enables the attacker to forge ARP requests
• Stateless protocol enables sending replies without corresponding ARP request
• Vulnerable to ARP spoofing and Man-in-the-Middle attacks

Security Measures:
• Use DHCP to stop spoofed IP conflicts
• Firewall should be configured to block ARP
• Run a batch file with static ARP entries
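Because ARP is stateless and unauthenticated, a monitor has to supply the state itself: remember which requests are outstanding and which MAC each IP last claimed. The following is an added example, not part of the original slides; the event structure, the two-second window and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpEvent:
    ts: float          # capture time in seconds
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


def audit(events, static_bindings=None, window=2.0):
    """Return (ts, reason) alerts for a time-ordered list of ArpEvent.

    static_bindings: known-good ip -> mac pairs (the static ARP entries the
    slide recommends). window: seconds a request counts as outstanding.
    """
    known = dict(static_bindings or {})
    pinned = set(known)
    pending = {}       # target_ip -> time of the last request seen for it
    alerts = []
    for e in events:
        if e.op == "request":
            pending[e.target_ip] = e.ts
            continue
        # A reply should answer a recent request for the sender's IP.
        # Gratuitous ARP is legitimate in some setups and will also fire here.
        asked = pending.pop(e.sender_ip, None)
        if asked is None or e.ts - asked > window:
            alerts.append((e.ts, f"unsolicited reply for {e.sender_ip}"))
        prev = known.get(e.sender_ip)
        if prev and prev != e.sender_mac:
            alerts.append((e.ts, f"{e.sender_ip} moved {prev} -> {e.sender_mac}"))
        if e.sender_ip not in pinned:
            known[e.sender_ip] = e.sender_mac   # learn dynamic entries only
    return alerts


# Constructed sample traffic (documentation addresses, made-up MACs).
SAMPLE = [
    ArpEvent(0.0, "request", "192.0.2.10", "02:00:00:00:00:10", "192.0.2.1"),
    ArpEvent(0.1, "reply",   "192.0.2.1",  "02:00:00:00:00:01", "192.0.2.10"),
    ArpEvent(9.0, "reply",   "192.0.2.1",  "02:00:00:00:00:66", "192.0.2.10"),
]
```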

Reverse Address Resolution Protocol

• Introduced in 1984 and functions in the network layer
• Protocol used to obtain the IP address from the given Ethernet address

Features:
• Solves the bootstrapping problem
• Backward use of ARP

Limitations:
• Manual configuration of each client’s MAC address on the central server
• Non-IP protocol that cannot be handled with TCP/IP stack present on client computer

Internet Group Management Protocol

• Introduced in 1990 and functions in the network layer
• Used to manage the multicast group in TCP/IP network

Features of three versions:
• IGMP Version 0 – Supports the allocation of temporary group addresses between IP hosts and their immediate neighbor multicast agents
• IGMP Version 1 – Supports the creation of transient groups
• IGMP Version 2 – Supports group membership termination for quick report to routing protocol

Message Types:
• Host Membership Report
• Host Membership Query
• Leave Group

Internet Control Message Protocol

• Introduced in 1995 and functions in the network layer
• Allows devices to send error and control messages

ICMP Messages:
• Error Message – Gives feedback to the source about the occurred error
• Informational Message – Allows the user to exchange information, implement IP related features and perform testing

Limitation:
• Delivery of message is not assured if encapsulated directly within a single IP datagram

Internet Control Message Protocol: Attacks and Security Measures

ICMP Attacks:
• Redirect Message Attacks
• Subnet Mask Reply Attacks
• Denial of Service Attacks

Security Measures:
• Restrict route changes to the specified location to prevent redirect attacks
• Check the reply packet only at suitable time to block the subnet mask attacks
• Authentication mechanism

Transmission Control Protocol

• Introduced in 1970 and functions in the transport layer
• Byte-stream connection oriented protocol providing reliable delivery

Features and Functions:
• Supports acknowledgement of received data by sliding window acknowledgement system
• Automatic retransmission of lost or unacknowledged data
• Provides addressing and multiplexing of data
• Establishes, manages and terminates the connection
• Offers reliability and transmission quality service
• Provides flow control and congestion management

User Datagram Protocol

• Introduced in 1980 and functions in the transport layer
• Connectionless protocol used by applications that stress fast rather than reliable delivery of datagrams

Applications:
• Used for streaming audio and video, videoconferencing
• Trivial File Transfer Protocol, Simple Network Management Protocol and online games

Disadvantages:
• Doesn’t support acknowledgement for received data or retransmission of lost messages
• Doesn’t offer flow control and congestion management

TCP, UDP: Attacks and Countermeasures

Transmission Control Protocol
• TCP Sequence Number Prediction Attack
  – Constructs a TCP packet sequence without the server's response, allowing a hacker to spoof a trusted host on a local network
• Countermeasures
  – Randomize the increment in number
  – Good logging and alerting mechanisms

User Datagram Protocol
• Attack
  – Easier to spoof UDP packets than TCP packets, as there are no handshakes or sequence numbers
• Countermeasures
  – Applications that are using UDP should make their own arrangements for authentication
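The UDP countermeasure, an application making its own arrangements for authentication, can be as small as a keyed MAC plus a counter on every datagram. This is an added example, not part of the original slides; the wire layout (8-byte counter, payload, HMAC-SHA256 tag), the class and function names, and the pre-shared key are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Build a datagram: 8-byte big-endian counter || payload || tag."""
    body = struct.pack("!Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts only datagrams with a valid tag and a fresh counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1   # counters must strictly increase; late packets are dropped

    def unseal(self, datagram: bytes) -> bytes:
        if len(datagram) < 8 + TAG_LEN:
            raise ValueError("too short")
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; the counter is only trusted after this check.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")
        (counter,) = struct.unpack("!Q", body[:8])
        if counter <= self.highest:
            raise ValueError("replay")
        self.highest = counter
        return body[8:]


def verdict(rx: Receiver, datagram: bytes) -> str:
    """Return "accepted" or the reason the receiver refused the datagram."""
    try:
        rx.unseal(datagram)
        return "accepted"
    except ValueError as exc:
        return str(exc)
```

This authenticates the sender and detects tampering and replay; it does not encrypt the payload.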

File Transfer Protocol

• Introduced in 1971 and functions in the application layer
• Protocol used to exchange files over the Internet and uses TCP for transfer

Features:
• Promotes sharing of files
• Supports indirect or implicit use of remote computers
• Reliable and efficient transfer of data

Disadvantages:
• Hard to filter the active mode FTP traffic on client side
• More overhead since more commands are needed to start the transfer

Trivial File Transfer Protocol

• Introduced in 1980 and functions in the application layer
• Protocol used to exchange files over Internet and uses UDP for transfer
• Preferred in situations where fast and simple transfer of small files is necessary

Disadvantages compared to FTP:
• Limited command set only for sending and receiving files
• No authentication or encryption mechanism
• Allows only simple ASCII or binary file transfer

FTP, TFTP: Vulnerabilities

FTP Vulnerabilities:
• Directory Traversal – Allows remote attackers to escape the FTP root and read arbitrary files
• Buffer Overflow – Allows remote attackers to gain root privileges
• SITE EXEC Command Attack – Allows remote attackers to execute arbitrary commands via the SITE EXEC command
• Vulnerability FTP Server – Allows local and remote attackers to cause a core dump in the root directory possibly with world-readable permissions

TFTP Vulnerabilities:
• TFTP Vulnerability – Allows access to files outside the restricted directory by Linux implementations of TFTP

TELNET

• Introduced in 1971 and functions in the application layer
• TCP based client-server protocol used on Internet and LAN connections

Features:
• Offers user oriented command line login sessions between hosts on the Internet
• Allows the user to log in remotely by opening a connection to a remote server

Major Concepts Of Foundation:
• Network Virtual Terminal (NVT) used for universal communication by all devices
• Avoids incompatibilities between devices by providing common base representation
• Symmetric operation for client and server

Simple Mail Transfer Protocol

• Introduced in 1981 and functions in the application layer
• Text-based protocol that defines one or more recipients for transferring the text messages
• SMTP uses MIME to encode binary text and multimedia files for transfer

Features:
• Defines the message format and Message Transfer Agent (MTA) that stores and forwards the mail
• Direct transfer of user’s mail to the server that can handle the mail using Domain Name Service
• Acts as a push protocol by restricting users to pull messages from remote server

TELNET, SMTP: Vulnerabilities

TELecommunication NETwork:
• Vulnerability – Allows an attacker to bypass the normal system libraries and gain root access
• Guessable Passwords – A Unix account has a guessable password

Simple Mail Transfer Protocol:
• Vulnerability – Allows remote attackers to execute arbitrary code via a malicious DNS response message
• Security Issues
  – Use a firewall to block incoming TCP protocol network traffic
  – Block TCP protocol network traffic on Windows Server 2000 because it handles Domain Name System (DNS) lookups

Network News Transfer Protocol

• Introduced in 1986 and functions in the application layer
• Protocol used to connect Usenet groups on the Internet and carry Usenet traffic over TCP/IP

Functions:
• Propagates messages between NNTP servers
• Allows NNTP clients to post and read articles
• Handles both inter-server and client-server communication using NNTP command set

Network News Transfer Protocol: Vulnerability and Countermeasures

NNTP Vulnerability:
• Allows remote attackers to execute arbitrary code via XPAT patterns that are related to improper length validation

Countermeasures:
• Enable advanced TCP/IP filtering on systems that support NNTP
• Block the affected ports by using IPSec on the affected systems
• Remove or disable NNTP if there is no need for it

Simple Network Management Protocol

• Introduced in 1987 and functions in the application layer
• Protocol used to communicate management information between network management stations and managed devices

Components:
• Master Agents – Responds to SNMP requests made by a management station
• Subagents – Implements the information and management functionality
• Management Stations – Receives requests for management operations on behalf of administrator

Simple Network Management Protocol: Security Issues And Models

Security Issues:
• MIB objects contain critical information about network devices
• Community strings are passed in clear text in messages, are easily sniffed and provide weak authentication

Security Models:
• Party Based Security Model – A logical entity called party specifies a particular authentication protocol and privacy protocol
• User Based Security Model – Provides the security based on access rights of a user of the machine
• View Based Access Control Model – Well control for accessing objects on a device

Hyper Text Transfer Protocol

• Introduced in 1990 and functions in the application layer
• Communication protocol used to establish a connection with a Web server and transmit HTML pages to the client browser
• Stateless request/response system between client and server

Features:
• Supports multiple host names
• Performance enhancement due to multiple requests in a single TCP session
• Improved efficiency due to method caching and proxying support
• Provides security by authentication methods

Hyper Text Transfer Protocol: Vulnerabilities

• Cross-site Scripting
  – Allows remote attackers to execute arbitrary JavaScript on other web clients
• Directory Traversal
  – Allows attackers to access restricted directories and execute commands outside of the web server's root directory
• MailMan Webmail
  – Allows remote attackers to execute arbitrary commands via shell metacharacters
• Buffer Overflow
  – Allows remote attackers to execute arbitrary commands via a long password value in a form field
• eWave
  – Allows remote attackers to upload files
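Directory traversal appears on this slide for HTTP and earlier for FTP and TFTP, and the server-side defence is the same in all three: canonicalize the requested path and confirm it still lies under the served root. This is an added example, not part of the original slides; `naive_resolve`, `safe_resolve` and the directory layout are hypothetical, and the requests are constructed samples.

```python
import os
import tempfile


def naive_resolve(root: str, requested: str) -> str:
    """Vulnerable pattern: joins the client-supplied name without checking it."""
    return os.path.join(root, requested)


def safe_resolve(root: str, requested: str) -> str:
    """Map a client path to a location under root, or raise PermissionError."""
    root_real = os.path.realpath(root)
    # Treat the request as relative to root even when it starts with a slash,
    # then resolve ".." components and symbolic links before comparing.
    candidate = os.path.realpath(
        os.path.join(root_real, requested.lstrip("/\\")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"outside served root: {requested!r}")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway directory tree.

    Returns request -> path relative to root, or None when refused.
    """
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "pub")
        os.makedirs(os.path.join(root, "docs"))
        os.symlink(base, os.path.join(root, "docs", "up"))  # link leading out of root
        verdicts = {}
        for name in ("docs/readme.txt", "../secret.txt", "docs/../../secret.txt",
                     "/secret.txt", "docs/up/secret.txt"):
            try:
                inside = safe_resolve(root, name)
                verdicts[name] = os.path.relpath(inside, os.path.realpath(root))
            except PermissionError:
                verdicts[name] = None
        # The naive join walks straight out of the served root.
        escaped = os.path.realpath(naive_resolve(root, "../secret.txt"))
        verdicts["naive ../secret.txt escapes"] = (
            os.path.dirname(escaped) == os.path.realpath(base))
        return verdicts
```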

Post Office Protocol

• A protocol used to retrieve emails from an email server
• Indicates the action of transferring emails from the inbox of mail server to the inbox of the client
• POP3 is an enhanced version that works with/without SMTP mail gateways
• POP3 services run on port number 110 as defined by the IANA

Features:
• Supports offline mail processing and persistent message IDs
• Offers access to new mail from various client platforms anywhere across the network

Summary

TCP/IP suite offers protocols at four different layers:
• Data Link Layer
  – Point-to-Point Protocol creates the session between the user system and the ISP for transferring IP packets over a serial link
• Network Layer
  – Internet Protocol is data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork
• Transport Layer
  – Transmission Control Protocol is byte-stream connection oriented protocol providing reliable delivery
• Application Layer
  – File Transfer Protocol is used to exchange files over the Internet and uses TCP for transfer
