CHAPTER 2: THE SECURITY REVIEW OF PROTOCOLS
Scope of content
Upper Layer
Lower Layer
COMPLEXITY OF THE COMMUNICATION
Upper Layer
HTTP, SMTP, FTP, Telnet, IM, RSS, ...
Lower Layer
ARP, IP, TCP, UDP, ICMP, DNS, DHCP, ...
Client and Server
The client initially connects to the server using a port that depends on the application
HTTP: 80, SMTP: 25, DNS: 53, SSH: 22
BASIC PROTOCOL
ARP
Sends the Ethernet MAC address to other hosts in the network (48 bits)
IP
Uses a set of numbers to identify a host
IPv4, IPv6
TCP VS UDP VS ICMP
BASIC PROTOCOL
ARP
Operates on the data-link layer
Sends the Ethernet MAC address to other hosts in the network (48 bits)
Can be faked (ARP spoofing) by using MAC spoofing
A popular attack on Wi-Fi networks that rely on MAC filtering
INTERNET PROTOCOL
IP
Uses a set of numbers to identify a host
Can limit the set of groups (subnets) by using a netmask
IPv4, IPv6
Can be easily spoofed
No transmission sequence
TCP
Operates on the transport layer
TCP packets require a segment structure
TCP (continued)
Has flow control
UDP
Has no flow control
TCP VS UDP
ICMP
Used to send control messages only
No port number required
No guarantee of delivery
Can be broadcast
Ex: Ping
ICMP TYPE CODES
BASIC CONCEPTS
DNS
Domain Name System
Used to map host names to IP addresses
Uses UDP packets on port 53
A common implementation is called "BIND"
Name Server
Root server
Local name server
Zone Transfer
DNS
IPV4 VS IPV6
128-bit IP addresses
An address used to communicate with multiple hosts is called anycast
Replaces ARP with Neighbor Discovery, using the Authentication Header
Communicates with IPv4 using a NAT box to convert
ATTACK ON LOWER LAYER
ARP: spoofing
IP: spoofing
TCP: DDoS
ICMP and UDP: flood
DNS: forward name
UPPER LAYER
SMTP
POP version 3
IMAP version 4
Instant Messaging
SMTP
Simple Mail Transfer Protocol (SMTP)
7-bit send/receive packets (ASCII)
The Sendmail application on Unix works as root.
Denial of Service (DoS) attack
Open relays
POP VERSION 3 AND IMAP VERSION 4
POP version 3
Post Office Protocol
Downloads mail from the host and saves it to the PC
Deletes mail in the mailbox after the download finishes
Works with SMTP; POP3 authentication prevents open relays on SMTP
IMAP version 4
Remote access to the mail server
SMTP is used to send mail.
Supports challenge/response authentication
INSTANT MESSAGING
America Online (AOL)
ICQ
Microsoft Messenger
Jabber: SSL supported
RPC-BASED PROTOCOLS
RPC and rpcbind
NFS
Andrew
REMOTE PROCEDURE CALL (RPC)
Stub or glue routines are compiled by a precompiler
Works on both TCP and UDP
Data may be lost on UDP
Supports the DES algorithm with Diffie-Hellman
Now uses DES-authenticated RPC with Kerberos on OSF's Distributed Computing Environment
rpcbind is the port mapper
NFS
Network File System by Sun Microsystems
Works on UDP RPC
Stateless server
Standard port 2049
rpcbind is used in newer versions
ANDREW
Andrew File System (AFS) works with NFS
Kerberos is used
AFS is more secure than NFS
FTP
TFTP: Trivial File Transfer Protocol
UDP
Used for diskless workstations and X11 terminals (e.g. routers)
Easy target for dictionary attacks
FTP: File Transfer Protocol
REMOTE LOGIN
Telnet
The "r" commands
BSD authentication
Via TCP
SNMP
Controls devices, e.g. routers
SSH
Replaces rlogin, rdist, rsh, rcp
WEB PROTOCOL
HTTP
Port 80
URL
Cookies
SSL
Operates over HTTP
Transmits data
Requires a certificate
RISK TO CLIENT
ActiveX
Java and applets: CGI scripts
JavaScript
Browser
RISK TO SERVER
Access Control
Basic authentication
Digest authentication
Server-side scripts
Web server and firewall
WEB SERVER AND FIREWALL
WEB DATABASE
Using SQL and scripts
API scripts
End of Chapter 2