Module Objectives
Overview of Network Protocols
Serial Line Internet Protocol
Point-to-Point Protocol
Internet Protocol
Address Resolution Protocol
Reverse Address Resolution Protocol
Internet Group Management Protocol
Internet Control Message Protocol
Transmission Control Protocol
User Datagram Protocol
File Transfer Protocol
Trivial File Transfer Protocol
Telnet Protocol
Simple Mail Transfer Protocol
Network News Transfer Protocol
Simple Network Management Protocol
Hyper Text Transfer Protocol
POP, IPv6
EC-Council
Module Flow
Network Protocol: Overview
Serial Line Internet Protocol
Point-to-Point Protocol
Internet Protocol
Address Resolution Protocol
Reverse Address Resolution Protocol
Internet Group Management Protocol
Internet Control Message Protocol
Transmission Control Protocol
Trivial File Transfer Protocol
Telnet Protocol
Simple Mail Transfer Protocol
Network News Transfer Protocol
Simple Network Management Protocol
Hyper Text Transfer Protocol
Copyright by EC-Council All Rights reserved. Reproduction is strictly prohibited
Serial Line Internet Protocol
Introduced in 1980 and functions in the data link layer
Offered a way to send IP datagrams over serial connections
Provides dial-up access to the Internet and LANs
Preferred way of encapsulating IP packets because of its low overhead
Appends the SLIP END character to each datagram, which is what marks the datagram boundary
Limitations:
No method for detecting or correcting transmission errors
Doesn't support encryption of data or authentication of the connection
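The END-character framing above, worked through as an added example (not code from the EC-Council module): a SLIP encoder and decoder following RFC 1055, plus a check that demonstrates the first limitation, a byte corrupted on the line is delivered as a valid-looking datagram because SLIP carries no checksum.

```python
# Added example, not code from the EC-Council module: SLIP framing as in RFC 1055.
END = 0xC0      # marks the end of a datagram on the serial line
ESC = 0xDB      # escape byte for END or ESC occurring inside the data
ESC_END = 0xDC  # ESC ESC_END stands for a literal END byte
ESC_ESC = 0xDD  # ESC ESC_ESC stands for a literal ESC byte

def slip_encode(datagram: bytes) -> bytes:
    """Encapsulate one IP datagram: leading END (flushes line noise), data, trailing END."""
    out = bytearray([END])
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)

def slip_decode(stream: bytes) -> list:
    """Split a received byte stream into datagrams; empty frames (END END) are dropped."""
    frames, cur, escaped = [], bytearray(), False
    for b in stream:
        if escaped:
            # Any other byte after ESC is a protocol violation; RFC 1055 keeps it as-is.
            cur.append({ESC_END: END, ESC_ESC: ESC}.get(b, b))
            escaped = False
        elif b == ESC:
            escaped = True
        elif b == END:
            if cur:
                frames.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return frames

def corruption_is_silent() -> bool:
    """Limitation demo: one flipped bit on the wire decodes as a datagram with no error."""
    data = bytes([0x45, 0x00, END, 0x01, ESC, 0x02])  # constructed payload with END and ESC
    wire = bytearray(slip_encode(data))
    wire[2] ^= 0x01  # corrupt the second payload byte in transit
    decoded = slip_decode(bytes(wire))
    return len(decoded) == 1 and decoded[0] != data  # delivered, silently wrong
```

Error detection in this setup has to come from the encapsulated layer (the IP header checksum covers only the header; TCP and UDP cover their own segments).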
Point-to-Point Protocol
Introduced in 1994 and functions in the data link layer
Creates the session between the user's system and the ISP for transferring IP packets over a serial link
Encapsulates packets in HDLC-based frames
Broader framing mechanism compared with the single END character in SLIP
Supports encryption of data and authentication of the connection
Internet Protocol
Introduced in 1970 and functions in the network layer
Data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork
Features:
Provides universally defined addresses
Allows transmission that is independent of any lower-level protocol
Connectionless and unreliable protocol
Doesn't use acknowledgement after delivery
Attacks:
Source Routing: an attacker can pick any source IP address desired if weak source routing is present
Routing Information Protocol Attacks: RIP is used to propagate routing information on local networks, so it is easy for an attacker to reroute an active host
Exterior Gateway Protocol Attacks: easy for the attacker to impersonate a second exterior gateway for the same autonomous system
Countermeasures:
Reject pre-authorized connections if source routing information is present
Use a paranoid gateway that can block any form of host spoofing
Authenticate RIP packets, even in the absence of economical public-key signature schemes
Address Resolution Protocol
Introduced in 1982 and functions in the network layer
Dynamic resolution protocol used for finding a host's Ethernet address from its IP address
Encodes the IP address of the recipient in a broadcast message
For correlation of addresses, two basic methods are used:
Direct Mapping: converts layer three addresses to layer two addresses
Dynamic Resolution: resolves layer three addresses into layer two addresses when only the layer three address is known
Vulnerabilities:
Absence of authentication enables the attacker to forge ARP requests
Stateless protocol enables sending replies without a corresponding ARP request
Vulnerable to ARP spoofing and Man-in-the-Middle attacks
Security Measures:
Use DHCP to stop spoofed IP conflicts
Firewall should be configured to block ARP
Run a batch file with static ARP entries
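The two ARP weaknesses above (replies accepted without a request, and an IP whose MAC can be rewritten by anyone) are exactly what a passive monitor can look for. Added example, not code from the EC-Council module; the packet records and addresses are constructed, and the trusted table plays the role of the static ARP entries mentioned as a security measure.

```python
# Added example, not code from the EC-Council module: detector for unsolicited ARP replies
# and IP-to-MAC mapping changes, fed with constructed packet records.
from dataclasses import dataclass

@dataclass
class ArpPacket:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str

class ArpSpoofMonitor:
    def __init__(self, static_entries=None):
        # Trusted IP -> MAC table; static entries mirror the "static ARP entries" measure.
        self.table = dict(static_entries or {})
        self.pending = set()  # IPs for which a request is outstanding

    def observe(self, pkt: ArpPacket) -> list:
        """Return alert strings raised by this packet (empty if it looks benign)."""
        alerts = []
        if pkt.op == "request":
            self.pending.add(pkt.target_ip)
            return alerts
        # ARP is stateless, so hosts accept replies nobody asked for; flag them here.
        # (Legitimate gratuitous ARP announcements also trigger this and may need allow-listing.)
        if pkt.sender_ip in self.pending:
            self.pending.discard(pkt.sender_ip)
        else:
            alerts.append(f"unsolicited reply: {pkt.sender_ip} is-at {pkt.sender_mac}")
        known = self.table.get(pkt.sender_ip)
        if known is None:
            self.table[pkt.sender_ip] = pkt.sender_mac  # first sighting, learn it
        elif known != pkt.sender_mac:
            # Spoofing / MITM signature; the trusted mapping is kept, not overwritten.
            alerts.append(f"mapping change: {pkt.sender_ip} was {known}, now {pkt.sender_mac}")
        return alerts

# Constructed sample traffic using documentation addresses (RFC 5737 IPs, RFC 7042 MACs).
SAMPLE = [
    ArpPacket("request", "192.0.2.10", "00:00:5e:00:53:10", "192.0.2.1"),
    ArpPacket("reply", "192.0.2.1", "00:00:5e:00:53:01", "192.0.2.10"),  # genuine gateway
    ArpPacket("reply", "192.0.2.1", "00:00:5e:00:53:ff", "192.0.2.10"),  # forged, unrequested
]

def run_sample() -> list:
    mon = ArpSpoofMonitor(static_entries={"192.0.2.1": "00:00:5e:00:53:01"})
    alerts = []
    for pkt in SAMPLE:
        alerts += mon.observe(pkt)
    return alerts
```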
Reverse Address Resolution Protocol
Introduced in 1984 and functions in the network layer
Protocol used to obtain the IP address from a given Ethernet address
Features:
Solves the bootstrapping problem
Backward use of ARP
Limitations:
Manual configuration of each client's MAC address on the central server
Non-IP protocol that cannot be handled by the TCP/IP stack present on the client computer
Internet Control Message Protocol
Introduced in 1995 and functions in the network layer
Allows devices to send error and control messages
ICMP Messages:
Error Message: gives feedback to the source about the error that occurred
Informational Message: allows the user to exchange information, implement IP-related features and perform testing
Limitation: delivery of a message is not assured if it is encapsulated directly within a single IP datagram
ICMP Attacks:
Redirect Message Attacks
Subnet Mask Reply Attacks
Denial of Service Attacks
Security Measures:
Restrict route changes to the specified location to prevent redirect attacks
Check the reply packet only at a suitable time to block subnet mask attacks
Authentication mechanism
Transmission Control Protocol
Introduced in 1970 and functions in the transport layer
Byte-stream, connection-oriented protocol providing reliable delivery
Features and Functions:
Supports acknowledgement of received data through a sliding-window acknowledgement system
Automatic retransmission of lost or unacknowledged data
Provides addressing and multiplexing of data
Establishes, manages and terminates the connection
Offers reliability and transmission quality service
Provides flow control and congestion management
User Datagram Protocol
Introduced in 1980 and functions in the transport layer
Connectionless protocol used by applications that stress fast rather than reliable delivery of datagrams
Applications:
Used for streaming audio and video, videoconferencing, Trivial File Transfer Protocol, Simple Network Management Protocol and online games
Disadvantages:
Doesn't support acknowledgement of received data or retransmission of lost messages
Doesn't offer flow control and congestion management
Countermeasures (TCP):
Randomize the sequence-number increment
Good logging and alerting mechanisms
Countermeasures (UDP):
Applications that are using UDP should make their own arrangements for authentication
File Transfer Protocol
Introduced in 1971 and functions in the application layer
Protocol used to exchange files over the Internet; uses TCP for transfer
Features:
Promotes sharing of files
Supports indirect or implicit use of remote computers
Reliable and efficient transfer of data
Disadvantages:
Hard to filter active-mode FTP traffic on the client side
More overhead, since more commands are needed to start the transfer
Trivial File Transfer Protocol
Introduced in 1980 and functions in the application layer
Protocol used to exchange files over the Internet; uses UDP for transfer
Preferred in situations where fast and simple transfer of small files is necessary
Disadvantages compared to FTP:
Limited command set, only for sending and receiving files
No authentication or encryption mechanism
Allows only simple ASCII or binary file transfer
FTP Vulnerabilities:
Directory Traversal: allows remote attackers to escape the FTP root and read arbitrary files
Buffer Overflow: allows remote attackers to gain root privileges
SITE EXEC Command Attack: allows remote attackers to execute arbitrary commands via the SITE EXEC command
FTP Server Vulnerability: allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions
TFTP Vulnerabilities:
TFTP Vulnerability: allows access to files outside the restricted directory in Linux implementations of TFTP
TELNET
Introduced in 1971 and functions in the application layer
TCP-based client-server protocol used on Internet and LAN connections
Features:
Offers user-oriented command-line login sessions between hosts on the Internet
Allows a user to log in remotely by opening a connection to a remote server
Network Virtual Terminal (NVT) used for universal communication by all devices
Avoids incompatibilities between devices by providing a common base representation
Symmetric operation for client and server
Simple Mail Transfer Protocol
Introduced in 1981 and functions in the application layer
Text-based protocol that defines one or more recipients for transferring text messages
SMTP uses MIME to encode binary data and multimedia files for transfer
Features:
Defines the message format and the Message Transfer Agent (MTA) that stores and forwards the mail
Direct transfer of the user's mail to the server that can handle it, located using the Domain Name Service
Acts as a push protocol; users cannot use it to pull messages from a remote server
TELecommunication NETwork (Telnet):
Vulnerability: allows an attacker to bypass the normal system libraries and gain root access
Guessable Passwords: a Unix account has a guessable password
Simple Mail Transfer Protocol:
Vulnerability: allows remote attackers to execute arbitrary code via a malicious DNS response message
Security Issues:
Use a firewall to block incoming TCP protocol network traffic
Block TCP protocol network traffic on Windows Server 2000 because it handles Domain Name System (DNS) lookups
Network News Transfer Protocol
Introduced in 1986 and functions in the application layer
Protocol used to connect to Usenet groups on the Internet and carry Usenet traffic over TCP/IP
Functions:
Propagates messages between NNTP servers
Allows NNTP clients to post and read articles
Handles both inter-server and client-server communication using the NNTP command set
NNTP Vulnerability: allows remote attackers to execute arbitrary code via XPAT patterns, related to improper length validation
Countermeasures:
Enable advanced TCP/IP filtering on systems that support NNTP
Block the affected ports by using IPSec on the affected systems
Remove or disable NNTP if there is no need for it
Simple Network Management Protocol
Introduced in 1987 and functions in the application layer
Protocol used to communicate management information between network management stations and managed devices
Components:
Master Agents: respond to SNMP requests made by a management station
Subagents: implement the information and management functionality
Management Stations: receive requests for management operations on behalf of the administrator
Security Issues:
MIB objects contain critical information about network devices
Community strings are passed in clear text in messages, are easily sniffed and provide weak authentication
Security Models:
Party-Based Security Model: a logical entity called a party specifies a particular authentication protocol and privacy protocol
User-Based Security Model: provides security based on the access rights of a user of the machine
View-Based Access Control Model: controls access to the objects on a device
Hyper Text Transfer Protocol
Introduced in 1990 and functions in the application layer
Communication protocol used to establish a connection with a Web server and transmit HTML pages to the client browser
Stateless request/response system between client and server
Features:
Supports multiple host names
Performance enhancement from multiple requests in a single TCP session
Improved efficiency from method caching and proxying support
Provides security through authentication methods
HTTP Vulnerabilities:
Cross-site Scripting: allows remote attackers to execute arbitrary JavaScript on other web clients
Directory Traversal: allows attackers to access restricted directories and execute commands outside of the web server's root directory
MailMan Webmail: allows remote attackers to execute arbitrary commands via shell metacharacters
Buffer Overflow: allows remote attackers to execute arbitrary commands via a long password value in a form field
eWave: allows remote attackers to upload files
Post Office Protocol
A protocol used to retrieve emails from an email server
Refers to the action of transferring emails from the inbox on the mail server to the client's inbox
POP3 is an enhanced version that works with or without SMTP mail gateways
POP3 services run on port number 110 as defined by the IANA
Features:
Supports offline mail processing and persistent message IDs
Offers access to new mail from various client platforms anywhere across the network
Summary
Network Layer
Internet Protocol is a data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork
Transport Layer
Transmission Control Protocol is a byte-stream, connection-oriented protocol providing reliable delivery
Application Layer
File Transfer Protocol is used to exchange files over the Internet and uses TCP for transfer