CIT 612 Fundamentals of Computer Security: Mohammed A. Saleh 30 December 2009
CIT 612 Fundamentals of Computer Security: Mohammed A. Saleh 30 December 2009
Fundamentals of
Computer Security
Mohammed A. Saleh
http://ifm.ac.tz/staff/msaleh/CIT612.html
30th December 2009
1
Web Attacks and Internet
Vulnerabilities
With interest in computer and network security, you
would need to know about the Internet
Focuses on the internet protocols that keep the internet
humming
We will look at vulnerabilities of several of these
services, as well as exploits that can be used to attack
them
2
About the Internet
When many people think of the Internet, the first thing
that comes to mind is often the World Wide Web
The Internet is composed of many different connection
schemes called protocols
All the protocols transmit over a common system of
communication called Transmission Control
Protocol/Internet Protocol (TCP/IP)
Protocols include:
File Transfer Protocol (FTP)
allows rapid, reliable transfer of data files between repositories,
called FTP servers, and between computers with FTP client
software installed, called FTP clients.
3
Cont …
Hypertext Transfer Protocol (HTTP)
allows users to access pages of text that are marked up using a
special format called the Hypertext Markup Language (HTML)
HTML tags are inserted into a web document to indicate the
desired font, color, and position of text, and it facilitates linking to
different different web sites, files, or pages
Simple Mail Transfer Protocol (SMTP)
The SMTP service allows a standardized method of electronic
mail transmission
Domain Name Service (DNS)
The Domain Name Service resolves the easy-to-read names
familiar to Internet users, such as http://ifm.ac.tz , to the Internet
Protocol addresses that actually guide information around the
network, such as 66.96.134.2
4
Cont …
Dynamic Host Configuration Protocol (DHCP)
DHCP automatically provides an Internet Protocol (IP) address,
such as 172.16.32. 15, to a computer on a local area network
An IP address is required to communicate with other network
devices that exist beyond the immediate proximity of the
computer requesting the address
5
Packets, Addresses and Ports
To increase the reliability of communications, messages
are chopped up into chunks of uniform length, called
packets
A packet-switched network gives each packet an
individual address label and then shoots it out onto the
network, trusting that each packet will eventually make it
to its destination
There are mechanisms deployed to determine whether
packets sent are corrupted or delayed, and to facilitate
retransmission of replacements.
6
Cont …
So how do packets help make networks and the Internet
reliable?
a packet travels over the circuit quickly
If it goes missing, its replacement can be retransmitted without taking a long
time
it is understood that packets may take one of several possible
routes to their destination
there is a possibility that packets may actually spend part of their journey
traveling in parallel
7
More concepts
An Internet Protocol (lP) address describes a location on
the network
An IP is also known as a network address or a logical
address
The use of logical address allow the network to route
packets to the correct part of the network
IP addresses generally take the form of four numbers,
separated by periods, in which each number is between
1 and 255
For instance, 192.168.32.12
Each device on the other hand a hardware address,
known as the MAC address
8
More concepts
From a security perspective, It is important that packets
are identified by function, what they are intended to do.
This allows them to be switched to the correct location
by inspection without having to open them up and
examine their contents
Packets use the port number to state the packet function
Each IP address comes with roughly 65,000 port
numbers
Different types of network traffic use different ports.
9
Cont …
Question: Why do you need to understand this
multitier system of addressing?
Answer: most network attacks in some way involve falsely
manipulating or replacing the IP address, MAC address, or
Port
In fact, one of the most important tools used today for
network safety, the firewall, is based almost entirely on
recognizing suspicious or invalid combinations of
addresses and ports
10
Network Protocols
A protocol is a defined procedure for interconnecting and
interacting
It determines how data are transported over the Internet,
or over a LAN that uses TCP/IP, provide a variety of
services
Some protocols move web pages, some move email,
some move files, and some move streaming media
Many of the most important network protocols, which
also happen to be most commonly attacked, are the
protocols needed to make communication over a
network possible.
11
Data Navigation Protocols
Which is the fundamental network protocol?
It describes how packets will navigate from network to
network
The IP also provides a fragmentation and reassembly
function
Fragmentation means that if a message, or datagram, is
too long, an IP packet can be split into smaller chunks
for transmission through the network
Reassembly on the hand mean putting messages back
together when it gets to its final destination
What IP does not do is keep track of whether messages
actually make it to where they are going
12
Cont …
IP treats each piece of a message as an independent
entity unrelated to any other message
A message is also referred to as an Internet datagram
The IP must link up with several other protocols to insure
reliable end-to-end delivery and retransmission of missing
messages
For reliable delivery IP works with another data navigation
protocol known as Transmission Control Protocol (TCP)
TCP wraps itself around the IP packet and provides the
information needed to see a packet through multiple hops
to its destination and determines if all packets made the
trip
13
Cont …
TCP can figure out which packets were lost and order up
replacements
Another protocol used for delivery is User Datagram
Protocol (UDP) one that moves packets with SPEED
sacrificing end-to-end delivery
The File Transfer Protocol mentioned previously
operates using TCP
All the data travels reliably over the network, and the
transmission is not finished until the packets have all
made the trip and been reassembled in order at the
destination
14
Cont …
TCP can detect errors because each packet uses a
cyclical redundancy check (CRC), which is like a parity
or checksum, to check itself.
A checksum is a mathematical mechanism that detects
errors in transmission
adds up the numeric value of all the characters transmitted and
seeing if the total is the same at both ends of the link
If IP needs to report errors to the sender, it uses helping
protocols from a suite called Internet Control Message
Protocol (ICMP)
15
Data Navigation Protocols
Attacks
These four protocols: IP, TCP, UDP, and ICMP are the
basis for Internet communications
They are also the basis of many attacks that use the
Internet or of attacks against the Internet itself
How does TCP assure reliability?
by introducing sequence numbers and acknowledgments to IP
For TCP to start transmission, it has to establish a link,
between the sender and recipient, by using a three-way
handshake
Once the handshake is complete both parties can start
communicating
16
TCP Connection establishment
Three way handshake:
Step 1: client host sends TCP client server
segment to server segme
nt (SE
Q Client
specifies initial seq # #)
no data
) , ACK
Step 2: server host receives Se rv e r#
SEQ
segment, replies with en t (
segm
ACK segment
server allocates storage ACK
19
Cont …
The network needed to pass traffic to every location smoothly
and efficiently, and to be able to reconfigure itself around bad
routes and sudden outages
Instead, the Internet became an "information
superhighway" that led to economic growth, prosperity,
and jobs.
a tool of enhanced communications, helping to bring the entire
human family closer together
Along the ‘highway’ came robbers
These are unintended consequences against which the Internet
was never fortified
20
Other Internet Protocols
Protocols can be subjected to attack
The easiest way to attack these datagrams is by
monitoring the network using a packet sniffer
Packet sniffer monitors and decodes packets, allowing
the attacker to gather information about the network and
the devices and persons attached to it
A more sophisticated attack would be:
change the contents of a datagram (data modification)
make it appear as if it came from a different party (spoofing)
On the other hand packet sniffers are useful tools for
network administrators because they allow you to see
what protocols are on the network
21
File Transfer Protocol
Designed to promote sharing files by connecting
machines reliably and efficiently
Remote access of computers became more
commonplace
Flaws of FTP
However, the FTP protocol is subject to abuse
In the first place, it transmits in the clear without encryption
shielding
Attackers can just sit and listen to a network connection
FTP is also very subject to anonymous access
highly desirable in many environments, where to regulate access requires
issuing passwords to every applicant
22
Simple Mail Transfer Protocol
Designed to transfer email messages reliably and
efficiently
It does this by setting up a channel between the initial
sender and a receiver
Once the transmission channel is established, the mail
sender issues a MAIL command
If the mail receiver can accept mail, it responds with an
OK reply
Mail that can't be delivered because of incorrect or
invalid addresses are returned with a note from
whichever mail server determined the problem
23
Cont …
Flaws of SMTP
Email is normally transmitted in the clear
means that a host that pretends to be an email relay can access
all email that passes through it
mail could then be copied or modified
When an attacker suspects that a user or administrator is getting
suspicious, it is relatively easy to disconnect the relay and lay low
It is very easy to create an email message that looks as if
it was sent from someone other than the true sender
an create problems in its own right
also makes it easy to formulate an attack that sends tens of
thousands of emails out to various addresses on the Internet,
email bombing
24
SMTP and Spam
The ability to spoof a return address and easily mail the same
message to multiple recipients has lead to the uncontrolled
outbreak of junk email, or spam
Spam, by some accounts, represents up to 50% of email
traffic and is popular for one reason: email is dirt cheap
Email has few costs: scraping up a few million email addresses off
newsgroups and chain letters is not really that hard
Launching and sending such messages is largely automatic
Other recipients will resent the intrusion and request not to be
disturbed as for invalid addresses, email systems will send
back notices to the sender to this effect
Tracking spammers down requires a lot of detective work
The best way to cope is to use the Antispam features of your email
client software to filter undesired email into the recycle bin before you
even see it.
25
Domain Name Service
DNS is used to resolve a friendly name, such as
www.ifm.ac.tz, to an IP address, such as 66.96.134.2
DNS is needed because while the Internet runs with IP
addresses, people tend to think in words
DNS is not usually the first step in address resolution
To save time and prevent wasted bandwidth, a table of
address and their URLs is usually stored on the local
machine
Your computer starts at this table when you make a web
request
When your local machine cannot find where to send a web
request, it contacts the nearest DNS server, which tells the
computer every thing it knows about the desired IP address
26
Cont …
If the address is unknown at the DNS server, that DNS
server consults the next DNS server up the chain, , until
your address is found
Flaws of DNS
First, if you seed the local machine's cache with incorrect
data, it sends the user's communications to the wrong
place, including possibly a decoy site of the attacker's
own design
Second, if you pollute the database of one of the nation's
big DNS servers, you may shut down a major portion of
the Internet, which is always good for achieving status in
the cracker underworld
27
Cont …
Third, if you deny access to the DNS server that
provides address resolution to a population of users, say
company networks, then your users are not going to be
able to contact web sites for which they do not already
have IP addresses
Poisoning the DNS system doesn't only slow down or
prevent the access of web pages and services
Mail may not work
Remote file systems may be rendered inaccessible, and
Network printing may go down.
Essentially everything that involves an external
communication is at risk when DNS fails.
28
Summary
Internet protocols have opened up a host of security
issues
The protocols were meant to be robust, not secure
The trust by which computers are able to interact and
complete complicated business processes turns out to
be the undoing of much business
29
Questions