Lecture 8 Network Security Part 1 PDF

Summary

This document is a lecture on network security. It introduces the OSI and TCP/IP models, the definitions of vulnerability, threat and risk, and the features of the Internet Protocol (IP): header fields, best-effort and connection-less delivery, fragmentation (with a worked offset calculation), IP spoofing and the costs of IPv4 fragmentation.

Full Transcript

Lecture 8 Network Security Part 1
Dr Vicky Liu
[email protected]

OSI and TCP/IP models

Outline
• Layer 3: Network
  – Internet Protocol (IP)
  – Address Resolution Protocol (ARP)
  – Internet Control Message Protocol (ICMP)
• Layer 4: Transport
  – Transmission Control Protocol (TCP)
• Layer 7: Application
  – Dynamic Host Configuration Protocol (DHCP)
  – Domain Name System (DNS)

Vulnerability/Threat/Risk
• Vulnerability
  – NIST Special Publication 800-61 Rev. 2, Computer Security Incident Handling Guide (National Institute of Standards and Technology), defines a vulnerability as: a weakness in a system, application, or network that is subject to exploitation or misuse.

Vulnerability/Threat/Risk (cont.)
• Threat
  – ISO 27005 defines a threat as: a potential cause of an incident that may result in harm to systems and the organisation.
  – FIPS 200, Minimum Security Requirements for Federal Information and Information Systems (NIST), defines a threat as: any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Cyber Risk
• A definition from Wikipedia: cyber risk arises from the potential that a threat may exploit a vulnerability to breach security and cause harm.
The Internet Protocol (IP) v4 Header Fields

IP Header Fields
• Version: 4 for IPv4 (6 for IPv6)
• Header Length: 20 bytes with no options, up to 60 bytes with options (the field counts 32-bit words; the Options field itself is at most 40 bytes)
• Differentiated Services: for managing network performance, Quality of Service (QoS)
• Total Length: header plus data, so Total Length minus Header Length = payload length
• Time to Live (TTL): decremented at every hop, for preventing packets looping forever
• Header Checksum: for detecting corruption of the header (the payload is not covered)
• Options: for providing special-delivery (routing) instructions

IP Protocol Features
• Best-effort delivery
  – IP routes and sends a packet toward the destination, but provides no guaranteed delivery of packets.
  – Recovery from packet loss is left to the higher-layer protocols.
  – The network has variable delays, so it is not guaranteed that packets will be received in sequence.
• Connection-less service
  – Each packet is individually addressed and routed, rather than sent over a prearranged connection channel set up for the data transmission.
  – It is possible that two packets from the same source take different paths to reach the destination.

IP Protocol Features (cont.)
• Routing
  – Packets go through a series of routers before they reach the destination.
  – At each node the packet passes through, the node determines the next hop for the packet and forwards it to that hop.
• Quality of Service (QoS) control
  – QoS optimises the network by setting packet priorities (classification marking).

IP Fragmentation
• What is IP fragmentation?
  – Fragmentation is necessary for data transmission because every network has a maximum transmission unit (MTU), the largest number of bytes an individual packet can have on that network.
  – If a packet being sent is larger than the network's MTU, it must be fragmented to be transmitted.
• Who reassembles the fragmented packets?
  – The destination host. When it receives IP fragments, it allocates memory in preparation for fragment reassembly.

The Internet Protocol (IP) Header Fields

Fragmentation
Three fields in the IP header are related to fragmentation:
• Identification (16 bits)
  – In support of fragmentation and reassembly: the identification number is copied into every fragment when a datagram is fragmented, so the receiver can tell which fragments belong together.
• Flags (3 bits): U D M
  – First bit (U) unused
  – D is the Do Not Fragment bit
  – M is the More Fragments bit
• Fragmentation Offset (13 bits)
  – The offset of this fragment's data within the original datagram, measured in units of 8 bytes.
  – The first fragment has an offset of zero.
  – It records only the position of the first data byte of that fragment in the original datagram.

P4.1 Fragmentation Offset Calculation
An IP packet is 4020 bytes; the MTU of the outgoing NIC is 1420 bytes.

Sending the 4020-byte datagram will require 3 fragments: the MTU is 1420, but each fragment must include a 20-byte IP header (at least), so we can only send 1400 bytes of the IP data in each fragment.

Fragment 1: Identification 1444; Flags 001 (reserved, may fragment, more to come)
  Frag Offset: 0 (data starts at offset 0, i.e. with the first byte of data)

Fragment 2: Identification 1444; Flags 001 (reserved, may fragment, more to come)
  Frag Offset: 175 (1400/8, measured in units of 64 bits = 8 bytes; data starts at offset 1400, so byte 1400 is the first byte in this fragment)
Fragment 3: Identification 1444; Flags 000 (reserved, may fragment, last fragment)
  Frag Offset: 350 (2800/8; data starts at offset 2800, so byte 2800 is the first byte in this fragment). It carries the remaining 4000 − 2800 = 1200 bytes of data, for a total length of 1220 bytes.

The fragmentation-related header fields of the three fragments:

Identification   Flags (U D M)   Frag Offset
1444             0 0 1           0
1444             0 0 1           1400/8 = 175
1444             0 0 0           2800/8 = 350

IP

IP Spoofing/DoS
• An attacker can send packets/datagrams from a false source address to disguise itself.
• Denial-of-service (DoS) attacks often use IP spoofing to overload networks and devices with packets that appear to come from legitimate source IP addresses.

Issues with IPv4 Fragmentation
Fragmentation increases CPU and memory overhead and slows down network performance.
• Intermediate router
  – Creates fragment headers
  – Computes checksums
  – Copies the original packet into the fragments
• Receiving host
  – When reassembling the fragments, the receiver must allocate memory for the arriving fragments and join them into one packet after all of the fragments have been received.
  – If one fragment is dropped, the entire original packet must be resent (by the higher-layer protocol; IP itself does not retransmit).
  – When the reassembly timer expires, an ICMP Time Exceeded message (type 11, code 1: fragment reassembly time exceeded) is sent to the sender and the buffered fragments are discarded.
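The following Python program is an added example, not code from the lecture. It packs the IPv4 header fields listed on the header slide (including the RFC 1071 header checksum), reproduces the P4.1 fragmentation of a 4020-byte datagram over a 1420-byte MTU, and implements the receiving-host reassembly described under "Issues with IPv4 Fragmentation", giving up when a fragment is missing or its header is corrupted. It generalises the slide's arithmetic to any MTU by rounding the per-fragment data size down to a multiple of 8 bytes. Assumptions not in the slides: no IP options (20-byte header), protocol 17, the addresses 10.0.0.1 and 10.0.0.2, the constructed payload bytes, and the function names, which are mine.

```python
"""IPv4 header packing, checksum, fragmentation and reassembly (added example).
Assumed: no IP options, protocol 17, constructed addresses 10.0.0.1 -> 10.0.0.2."""
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte header without options
HDR_LEN = IPV4_HDR.size
FLAG_DF = 0b010                              # D bit: Do Not Fragment
FLAG_MF = 0b001                              # M bit: More Fragments


def checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(ident: int, flags: int, offset8: int, payload_len: int, ttl: int = 64,
                 proto: int = 17, src: bytes = bytes([10, 0, 0, 1]),
                 dst: bytes = bytes([10, 0, 0, 2])) -> bytes:
    """Pack a header; offset8 is the Fragmentation Offset in 8-byte units."""
    flags_off = (flags << 13) | (offset8 & 0x1FFF)
    hdr = IPV4_HDR.pack(0x45, 0, HDR_LEN + payload_len, ident, flags_off,
                        ttl, proto, 0, src, dst)            # checksum field zeroed first
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    """Decode the fields discussed on the slides and verify the header checksum."""
    (ver_ihl, _dscp, total_len, ident, flags_off,
     ttl, proto, _csum, src, dst) = IPV4_HDR.unpack(pkt[:HDR_LEN])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes, 20..60
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len,
        "ident": ident, "flags": flags_off >> 13, "offset": flags_off & 0x1FFF,
        "ttl": ttl, "proto": proto, "src": src, "dst": dst,
        # a correct header sums to 0xFFFF, so re-summing it (checksum included) gives 0
        "checksum_ok": checksum(pkt[:ihl]) == 0,
    }


def fragment(ident: int, payload: bytes, mtu: int, df: bool = False) -> list:
    """Split a datagram for an outgoing link. Every fragment but the last carries a
    multiple of 8 data bytes, so offsets stay expressible in 8-byte units."""
    if HDR_LEN + len(payload) <= mtu:
        return [build_header(ident, FLAG_DF if df else 0, 0, len(payload)) + payload]
    if df:   # DF set: a router drops the datagram instead of fragmenting it
        raise ValueError("datagram exceeds MTU and Do Not Fragment is set")
    per_frag = (mtu - HDR_LEN) // 8 * 8      # MTU 1420 -> 1400 data bytes per fragment
    frags = []
    for start in range(0, len(payload), per_frag):
        chunk = payload[start:start + per_frag]
        more = FLAG_MF if start + len(chunk) < len(payload) else 0
        frags.append(build_header(ident, more, start // 8, len(chunk)) + chunk)
    return frags


def reassemble(frags: list):
    """Rebuild the payload at the destination host. Returns None when the datagram
    cannot be completed (lost fragment, corrupted header, overlapping data): the
    point at which a real host's reassembly timer expires, the buffered fragments
    are discarded and ICMP Time Exceeded code 1 is returned to the sender."""
    pieces, total_len, ident = [], None, None
    for pkt in frags:
        h = parse_header(pkt)
        if not h["checksum_ok"]:
            continue                         # corrupted header: drop the fragment
        if ident is None:
            ident = h["ident"]
        elif h["ident"] != ident:
            continue                         # belongs to a different datagram
        start = h["offset"] * 8
        data = pkt[h["ihl"]:h["total_len"]]
        pieces.append((start, data))
        if not h["flags"] & FLAG_MF:
            total_len = start + len(data)    # MF = 0 fixes the datagram's data length
    out, expected = bytearray(), 0
    for start, data in sorted(pieces):
        if start != expected:
            return None                      # hole (lost fragment) or overlap: never guess
        out += data
        expected += len(data)
    if total_len is None or expected != total_len:
        return None                          # the last fragment never arrived
    return bytes(out)


def p41_exercise():
    """Slide P4.1: a 4020-byte datagram (20-byte header + 4000 data bytes), MTU 1420.
    Returns the (Identification, Flags, Frag Offset, Total Length) rows, whether
    reassembly of all three fragments restores the payload, and the result when
    the middle fragment is lost."""
    payload = bytes(range(256)) * 15 + bytes(160)   # constructed 4000-byte sample payload
    frags = fragment(1444, payload, 1420)
    rows = [(h["ident"], h["flags"], h["offset"], h["total_len"])
            for h in map(parse_header, frags)]
    return rows, reassemble(frags) == payload, reassemble(frags[::2])
```

Running `p41_exercise()` yields the slide's table (offsets 0, 175 and 350 with Flags 001, 001 and 000) plus the third fragment's total length of 1220 bytes; dropping the middle fragment leaves a hole at byte 1400, so `reassemble` returns None rather than a partial datagram, which is the behaviour the "Issues with IPv4 Fragmentation" slide describes.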
