Network Security at OSI Layers

Muhammad Muzammil
Syed Zeeshan Nasir

Department of Computer Science, FUUAST, Islamabad



1-OSI Model:

In 1983, the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT) merged documents and developed the OSI model, which is based on a specific hierarchy where each layer builds on the output of each adjacent layer. The OSI model is a protocol stack where the lower layers deal primarily with hardware, and the upper layers deal primarily with software. The OSI model's seven layers are designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown:

Layer          Functionality
Application    Application support such as File Transfer Protocol (FTP), Telnet, and Hypertext Transfer Protocol (HTTP)
Presentation   Encryption, Server Message Block (SMB), American Standard Code for Information Interchange (ASCII), and formatting
Session        Data flow control, startup, shutdown, and error detection/correction
Transport      End-to-end communications, UDP and TCP services
Network        Routing and routable protocols such as IP and Open Shortest Path First (OSPF); path control and best effort at delivery
Data link      Network interface cards, Media Access Control (MAC) addresses, framing, formatting, and organizing data
Physical       Transmission media such as twisted-pair cabling, wireless systems, and fiber-optic cable

1.2-Functions of OSI Model:

The OSI model functions as follows:
1. Information is introduced into the application layer and passed down until it ends up at the physical layer.
2. Next, it is transmitted over the physical medium (i.e., wire, coax, or wireless) and sent to the target device.
3. Once at the target device, it proceeds back up the stack to the application layer.
1.3-Explanation of Layers:

The Application Layer:
Layer 7 is known as the application layer. Recognized as the official top layer of the OSI model, this layer serves as the window for application services.

The Presentation Layer:
Layer 6 is known as the presentation layer. The main purpose of the presentation layer is to deliver and present data to the application layer. This data must be formatted so that the application layer can understand and interpret it. The presentation layer is responsible for items such as:
   • Encryption and decryption of messages
   • Compression and decompression of messages, format translation
   • Handling protocol conversion

The Session Layer:
Layer 5 is known as the session layer. Its purpose is to allow two applications on different computers to establish and coordinate a session. It is also responsible for managing the session while information and data are being moved. When a data transfer is complete, the session layer tears down the session. Session-layer protocols include:
   • Remote Procedure Call (RPC)
   • Structured Query Language (SQL)

The Transport Layer:
Layer 4 is known as the transport layer. Whereas the application, presentation, and session layers are primarily concerned with data, the transport layer is focused on segments. Depending on the application protocol being used, the transport layer can send data either quickly or reliably. Transport layer responsibilities include end-to-end error recovery and flow control. The two primary protocols found on this layer include:
   • TCP: A connection-oriented protocol; provides reliable communication using handshake acknowledgments, error detection, and session teardown.
   • UDP: A connectionless protocol; offers speed and low overhead as its primary advantage.

The Network Layer:
Layer 3 is known as the network layer, which is fixed to software and deals with packets. The network layer is the home of the IP, which offers best effort at delivery and seeks to find the best route from the source to the target network. Network-layer components include:
   • Routers
   • Stateless inspection/packet filters

The Data Link Layer:
Layer 2 is known as the data link layer and is focused on traffic within a single local area network (LAN). The data link layer formats and organizes the data before sending it to the physical layer. Because it is a physical scheme, hard-coded Media Access Control (MAC) addresses are typically used. The data link layer organizes the data into frames. When a frame reaches the target device, the data link layer strips off the data frame and passes the data packet up to the network layer. Data-link-layer components include:
   • Bridges
   • Switches
   • Network Interface Card (NIC)
   • MAC addresses
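The trip down the stack and back up described in 1.2, with the transport, network and data link headers just listed, as an added Python example. This is not code from the paper; the addresses, ports and header values are constructed sample values, and only the fields needed to show the layering (the same address, port and flag fields a stateless packet filter works from) are filled in.

```python
"""Walk an application payload down the stack (TCP segment, IP packet,
Ethernet frame) and back up again.

Added example, not code from the paper. Addresses, ports and header values
are constructed; the TCP checksum is left at zero to keep the focus on
layering, while the IPv4 header checksum is computed and verified."""
import struct


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def mac_bytes(colon_hex):
    return bytes.fromhex(colon_hex.replace(":", ""))


def ip_checksum(header):
    """RFC 1071 one's-complement sum over the header. Returns 0 when the
    header's checksum field already holds the correct value."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(sport, dport, payload, flags=0x18):
    """Layer 4: 20-byte TCP header (PSH|ACK by default) in front of the data."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return header + payload


def build_ip(src, dst, segment, proto=6):
    """Layer 3: IPv4 header with a valid header checksum around the segment."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234,
                         0x4000, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    checksum = ip_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + segment


def build_ethernet(src_mac, dst_mac, packet, ethertype=0x0800):
    """Layer 2: 14-byte Ethernet II header; the NIC appends the FCS itself."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + packet


def encapsulate(payload, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    """Layers 7 down to 2: each layer wraps what the layer above handed it."""
    segment = build_tcp(sport, dport, payload)
    packet = build_ip(src_ip, dst_ip, segment)
    return build_ethernet(src_mac, dst_mac, packet)


def decapsulate(frame):
    """Layers 2 up to 7: each layer strips its own header and hands the rest up."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]                           # data link layer done
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    segment = packet[ihl:total_len]               # network layer done
    sport, dport = struct.unpack("!HH", segment[:4])
    flags = segment[13]
    data_offset = (segment[12] >> 4) * 4
    return {                                      # transport layer done
        "src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "proto": proto, "sport": sport, "dport": dport, "flags": flags,
        "payload": segment[data_offset:],
    }


# Constructed sample: an HTTP request leaving a client for a web server.
SAMPLE_FRAME = encapsulate(b"GET / HTTP/1.0\r\n\r\n", "192.0.2.10", "192.0.2.80",
                           40000, 80, "02:00:00:00:00:0a", "02:00:00:00:00:50")

if __name__ == "__main__":
    for key, value in decapsulate(SAMPLE_FRAME).items():
        print(key, value)
```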
The Physical Layer:
Layer 1 of the OSI model is known as the physical layer. Bit-level communication takes place at layer 1. Bits have no defined meaning on the wire; however, the physical layer defines how long each bit lasts and how it is transmitted and received. Physical layer components include copper cabling, fiber cabling, wireless system components, and Ethernet hubs. The physical layer in this book has been extended to include:
   • Perimeter security
   • Device security
   • Identification and authentication

2-Attacks at OSI Layers:

Let's see the attacks on all layers of the OSI model.

The Application Layer:
Most of the applications listed in this section are totally insecure because they were written for a different time. Here's a short list of some of the insecure applications and high-level protocols:

FTP:
FTP is a TCP service that operates on ports 20 and 21 and is used to move files from one computer to another. Port 20 is used for the data stream, and transfers the data between the client and the server. Port 21 is the control stream, and is used to pass commands between the client and the FTP server. Attacks on FTP target misconfigured directory permissions and compromised or sniffed clear text passwords. FTP is one of the most commonly hacked services.

Telnet:
Telnet is a TCP shell service that operates on port 23. Telnet enables a client at one site to establish a session with a host at another site. The program passes the information typed at the client's keyboard to the host computer system. While Telnet can be configured to allow unidentified connections, it should also be configured to require usernames and passwords. Unfortunately, even then, Telnet sends them in clear text. When a user is logged in, he or she can perform any allowed task.

Simple Mail Transfer Protocol (SMTP):
This application is a TCP service that operates on port 25, and is designed to exchange electronic mail between networked systems. Messages sent through SMTP have two parts: an address header and the message text. All types of computers can exchange messages with SMTP. Spoofing and spamming are two of the vulnerabilities associated with SMTP.

Domain Name Service (DNS):
This application operates on port 53, and performs address translation. DNS converts fully qualified domain names (FQDNs) into a numeric IP address and converts IP addresses into FQDNs. DNS uses UDP for DNS queries and TCP for zone transfers. DNS is subject to poisoning and, if misconfigured, can be solicited to perform a full zone transfer.

Trivial File Transfer Protocol (TFTP):
TFTP operates on port 69, and is a connectionless version of FTP that uses UDP to reduce overhead and reliability. It does
so without TCP session management or authentication, which can pose a big security risk. It is used to transfer router configuration files and to configure cable modems. People hacking those cable modems are known as uncappers.

Hypertext Transfer Protocol (HTTP):
HTTP is a TCP service that operates on port 80. HTTP helped make the Web the popular service that it is today. The HTTP connection model is known as a stateless connection. HTTP uses a request-response protocol where a client sends a request and a server sends a response. Attacks that exploit HTTP can target the server, browser, or scripts that run on the browser. Nimda is an example of code that targeted a Web server.

Simple Network Management Protocol (SNMP):
SNMP is a UDP service that operates on ports 161 and 162, and was designed to be an efficient and inexpensive way to monitor networks. The SNMP protocol allows agents to gather information (e.g., network statistics) and report back to their management stations. Some of the security problems that plague SNMP are caused by the fact that community strings are passed as cleartext and the default community strings (public/private) are well known. SNMP version 3 is the most current and offers encryption for more robust security.

The Session Layer:
There is a weakness in the security controls at the presentation and session layers. Let's look at the Windows NT LanMan (NTLM) authentication system. Originally developed for Windows systems and then revised for Windows NT post service pack 2 systems, this security control proved to be an example of weak encryption (i.e., many passwords encrypted with this system could be cracked in less than 1 second because of the way Microsoft stored the hashed passwords). An NTLM password is uppercase, padded to 14 characters, and divided into seven-character parts. The two hashed results are concatenated and stored as a LAN Manager (LM) hash, which is stored in the SAM. The session layer is also vulnerable to attacks such as session hijacking. Network Basic Input/Output System (NetBIOS) is another service located in this area of the stack.

NetBIOS was developed for IBM and adopted by Microsoft, and has become an industry standard. It allows applications on different systems to communicate through the LAN. On LANs, hosts using NetBIOS systems identify themselves using a 15-character unique name. Since NetBIOS is non-routable, Microsoft adapted it to run over Transmission Control Protocol/Internet Protocol (TCP/IP).

NetBIOS is used in conjunction with SMB, which allows for the remote access of shared directories and files. This key feature of Windows makes file and print sharing and the Network Neighborhood possible. It also introduced other potential vulnerabilities into the stack by giving attackers the ability to enumerate systems and gather user names and accounts, and share information. Almost every script kiddie and junior league hacker has exploited the net use command.

The Transport Layer:
The transport layer has many vulnerabilities, because it is the home of UDP and TCP. Because UDP is connectionless, it's open for attackers to use for a host of denial of service (DoS)
attacks. It's also easy to spoof and requires no confirmation. TCP is another used and abused protocol. Port scanning and TCP make the hacker trade possible. Before a hacker can launch an attack, he or she must know what is running and what to target. TCP makes this possible. From illegal flag settings, NULL, and XMAS, to more common synchronous (SYN) and reset (RST) scans, TCP helps attackers identify services and operating systems.

The Physical Layer:
An attacker gaining access to the telecommunications closet, an open port in the conference room, or an unused office, could be the foothold needed to breach the network or, even worse, gain physical access to a server or piece of equipment. It's a generally accepted fact that if someone gains physical access to an item, they can control it.
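The transport-layer probe patterns named above (NULL, XMAS, illegal flag settings, lone SYN and RST probes), seen from the defender's side as an added detection example in Python. This is not code from the paper; the packet records are constructed to resemble a firewall or IDS packet log, and the port threshold is an assumed tuning value.

```python
"""Classify TCP flag combinations and flag hosts that probe many ports.

Added example, not code from the paper. The packet records below are
constructed to resemble a firewall or IDS packet log."""
from collections import defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Constructed records: (source IP, destination IP, destination port, flags).
PACKETS = [
    # 10.0.0.5 is a normal client: SYN, then the handshake completes with ACKs.
    ("10.0.0.5", "10.0.0.20", 80, SYN),
    ("10.0.0.5", "10.0.0.20", 80, ACK),
    ("10.0.0.5", "10.0.0.20", 80, PSH | ACK),
    # 10.0.0.7 sends lone SYNs to six ports and never completes a handshake.
    ("10.0.0.7", "10.0.0.20", 21, SYN),
    ("10.0.0.7", "10.0.0.20", 22, SYN),
    ("10.0.0.7", "10.0.0.20", 23, SYN),
    ("10.0.0.7", "10.0.0.20", 25, SYN),
    ("10.0.0.7", "10.0.0.20", 53, SYN),
    ("10.0.0.7", "10.0.0.20", 80, SYN),
    # The server answering a closed port with RST|ACK is not a scan.
    ("10.0.0.20", "10.0.0.7", 40001, RST | ACK),
    # 10.0.0.9 sends flag combinations no real TCP stack produces.
    ("10.0.0.9", "10.0.0.20", 80, 0),
    ("10.0.0.9", "10.0.0.20", 443, FIN | PSH | URG),
]


def classify_flags(flags):
    """Name the probe pattern a single segment's flag combination matches."""
    if flags == 0:
        return "NULL"                 # no flags at all
    if flags == FIN | PSH | URG:
        return "XMAS"                 # FIN+PSH+URG, "lit up like a tree"
    if flags & SYN and flags & FIN:
        return "ILLEGAL"              # SYN and FIN never legitimately coexist
    if flags == SYN:
        return "SYN"                  # may also be a genuine connection attempt
    if flags == RST:
        return "RST"
    return "NORMAL"


def detect_scans(packets, port_threshold=5):
    """Return {source: [(pattern, probe count), ...]} for suspicious sources.

    NULL, XMAS and illegal combinations are reported on first sight, since
    no conforming stack sends them. Lone SYNs and lone RSTs are reported
    only when one source sends them to at least port_threshold distinct
    (host, port) targets, ignoring targets where the same source later sent
    an ACK (a completed handshake, i.e. a real connection)."""
    probes = defaultdict(lambda: defaultdict(set))   # src -> pattern -> targets
    completed = set()                                 # (src, dst, port) seen with ACK
    for src, dst, dport, flags in packets:
        if flags & ACK:
            completed.add((src, dst, dport))
        kind = classify_flags(flags)
        if kind != "NORMAL":
            probes[src][kind].add((dst, dport))
    findings = {}
    for src, patterns in probes.items():
        for kind, targets in patterns.items():
            if kind in ("SYN", "RST"):
                targets = {t for t in targets if (src,) + t not in completed}
                if len(targets) < port_threshold:
                    continue
            findings.setdefault(src, []).append((kind, len(targets)))
    return findings


if __name__ == "__main__":
    for src, hits in detect_scans(PACKETS).items():
        print(src, hits)
```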
The Network Layer:
At the network level are services such as IP and ICMP. IPv4 has no security services built in, which is why Secure Internet Protocol (IPSec) (a component of IPv6) was developed. Without IPSec, IP can be targeted for many types of attacks (e.g., DoS), abused through source routing, and tricked into zombie scanning ("IPID scan"). While ICMP was developed for diagnostics and to help with logical errors, it is also the target of misuse. ICMP can be used to launch Smurf DoS attacks or can be subverted to become a covert channel with programs such as Loki.

The Data Link Layer:
The dangers are real at the data link layer. Conversion from logical to physical addressing must be done between the network and data link layers. Address Resolution Protocol (ARP) resolves logical to physical addresses. While critical for communication, it is also used by attackers to bypass switches and monitor traffic, which is known as ARP poisoning. Even without ARP poisoning, passive sniffing can be a powerful tool if the attacker positions himself or herself in the right place on the network.

3-Countermeasures Found in Each Layer:

Security countermeasures are the controls used to protect the confidentiality, integrity, and availability of data and information systems. There is a wide array of security controls available at every layer of the stack. Overall security can be greatly enhanced by adding additional security measures, removing unneeded services, hardening systems, and limiting access.

   • Virus Scanners: Antivirus programs can use one or more techniques to check files and applications for viruses. While virus programs didn't exist as a concept until 1984, they are now a persistent and constant problem, which makes maintaining antivirus software a requirement. These programs use a variety of techniques to scan and detect viruses, including signature scanning, heuristic scanning, integrity checks, and activity blocking.
   • Pretty Good Privacy (PGP): In 1991, Phil Zimmerman initially developed PGP as a free e-mail security application, which also made it possible to encrypt files and folders. PGP works by using a public-private key system that uses the International Data Encryption Algorithm (IDEA) to encrypt files and email messages.
   • Secure Multipurpose Internet Mail Extensions (S/MIME): S/MIME secures e-mail by using X.509 certificates for authentication. The Public Key Cryptographic Standard is used to provide encryption, and can work in one of two modes: signed and enveloped. Signing provides integrity and authentication. Enveloped provides confidentiality, authentication, and integrity.
   • Privacy Enhanced Mail (PEM): PEM is an older e-mail security standard that provides encryption, authentication, and X.509 certificate-based key management.
   • Secure Shell (SSH): SSH is a secure application layer program with different security capabilities than FTP and Telnet. Like the two aforementioned programs, SSH allows users to remotely log into computers and access and move files. The design of SSH means that no clear text usernames/passwords can be sent across the wire. All of the information flowing between the client and the server is encrypted, which means network security is greatly enhanced. Packets can still be sniffed but the information within the packets is encrypted.
   • Secure Electronic Transmission (SET): SET is a protocol standard that was developed by MasterCard, VISA, and others to allow users to make secure transactions over the Internet. It features digital certificates and digital signatures, and uses Secure Sockets Layer (SSL).
   • Terminal Access Controller Access Control System (TACACS): Available in several variations, including TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS is a centralized access control system that provides authentication, authorization, and auditing (AAA) functions.
   • Kerberos: Kerberos is a network authentication protocol created by the Massachusetts Institute of Technology (MIT) that uses secret-key cryptography and facilitates single sign-on. Kerberos has three parts: a client, a server, and a trusted third party to mediate between them.
   • SSL: Netscape Communications Corp. initially developed SSL to provide security and privacy between clients and servers over the Internet. It's application-independent and can be used with HTTP, FTP, and Telnet. SSL uses Rivest, Shamir, & Adleman (RSA) public key cryptography and is capable of client authentication, server authentication, and encrypted SSL connections.
   • Transport Layer Security (TLS): TLS is similar to SSL in that it is application independent. It consists of two sub layers: the TLS record protocol and the TLS handshake protocol.
   • Windows Sockets (SOCKS): SOCKS is a security protocol developed and established by Internet standard RFC 1928. It allows client-server applications to work behind a firewall and utilize their security features.
   • IPSec: IPSec is the most widely used standard for protecting IP datagrams. Since IPSec can be applied below the application layer, it can be used by any or all applications and is transparent to end users. It can be used in channel mode or transport mode.
   • Point-to-Point Tunneling Protocol (PPTP): Developed by a group of vendors including Microsoft, 3Com, and Ascend, PPTP is comprised of two components: the transport that maintains the virtual connection and the encryption that ensures confidentiality. PPTP is widely used for virtual private networks (VPNs).
   • Challenge Handshake Authentication Protocol (CHAP): CHAP is an improvement over previous authentication protocols such as Password Authentication Protocol (PAP) where passwords are sent in clear text. CHAP uses a predefined secret and a pseudo-random value that is used only once. This facilitates security because the value is not reused and the hash cannot be reverse-engineered.
   • Wired Equivalent Privacy (WEP): While not perfect, WEP attempts to add some measure of security to wireless networking. It is based on the RC4 symmetric encryption standard and uses either 64-bit or 128-bit keys. A 24-bit Initialization Vector (IV) is used to provide randomness; therefore, the "real key" may be no more than 40 bits long. There have been many proven attacks based on the weaknesses of WEP.
   • Wi-Fi Protected Access (WPA): WPA was developed as a replacement for WEP. It delivers a more robust level of security. WPA uses Temporal Key Integrity Protocol (TKIP), which scrambles the keys using a hashing algorithm and adds an integrity-checking feature that verifies that the keys haven't been tampered with. Next, WPA improves on WEP by increasing the IV from 24 bits to 48 bits. WPA also prevents rollover (i.e., key reuse is less likely to occur). Finally, WPA uses a different secret key for each packet.
   • Packet Filters: Packet filtering is configured through access control lists (ACLs). ACLs allow rule sets to be built that will allow or block traffic based on header information. As traffic passes through the router, each packet is compared to the rule set and a decision is made whether the packet will be permitted or denied.
   • Network Address Translation (NAT): NAT can be used to translate between private and public addresses. Private IP addresses are those considered non-routable (i.e., public Internet routers will not route traffic to or from addresses in these ranges).
   • Fiber Cable: The type of transmission media used can make a difference in security. Fiber is much more secure than wired alternatives
and unsecured wireless transmission methods.
   • Secure Coding: It is more cost-effective to build secure code up front than to try and go back and fix it later. Just making the change from C to a language such as .NET or CSharp can have a big security impact. The drive for profits and the additional time that QA for security would introduce, causes many companies to not invest in secure code.

4-Defending the Physical Layer:

There is no security protocol that will defend the physical layer, but several natural methods are utilized to perform the job.

The security controls on the physical layer have three primary goals:
   • Deter (Discourage): Two methods used to deter intruders are security lighting and "Beware of Dog" signs.
   • Delay: Some of the techniques used to delay an intruder include fences, gates, locks, access controls, and mantraps.
   • Detect: Two systems used to detect intruders are intrusion detection systems (IDSes) and alarms.

Physical security focuses on intruders and thieves. Some main concerns for security are as follows:

Identification and Authentication:
Identification is the process of identifying yourself, and is commonly performed by entering a username. Authentication is the process of proving your identity. Various authentication schemes have been developed over the years and can be divided into three broad categories:
   • Something You Know: Passwords
   • Something You Have: Tokens, smart cards, and certificates
   • Something You Are: Biometrics

5-Defending the Data-Link Layer:

Protocols defined at this layer provide security.

Ethernet LAN Security:
The Ethernet LAN has many security weaknesses when facing attacks externally and internally. Security measures must be taken to ensure a secured environment for communications over the Ethernet LAN. The following are some key risks in an Ethernet LAN:

   • The primary weakness with Ethernet is that it is a broadcast system. Every message sent out by any computer on an Ethernet LAN segment reaches all parts of that segment and potentially could be read by any computer on the segment. Sniffing-type programs can record, read and analyze all the messages on a segment. Actually, others can read your password and subsequently log in to any account. They can also change the information and forge totally different messages.
   • Peer-to-Peer networking systems (both Windows and Macintosh
AppleTalk) for Workgroups allow                 snooper" is on one side of a bridge
       people on the network to share files            or router they will not see any traffic
       and printers, which open up your                passing between computers on the
       files to anyone using another                   other side of the filter.
       computer in the group.                      •   Lan Security Architecture (LSA): a
   •   Some applications, such as FTP                  proprietary technique where twisted
       program which allows you to get                 pair    hubs     inspect     incoming
       files from and send files to another            messages and will only transmit
       computer, may have an option in                 them      unscrambled       to     the
       their configuration which allows                destination computer. All other
       other computers to get into your                computers on the hub receive
       computer and have access to your                scrambled messages.
       files while the program is running.
   •   It is relatively easy in an Ethernet LAN to fake an Email message and other messages that purport to come from someone else. It is also possible to fake a login session by recording a legitimate one and running the recording later on.

There are many hardware and software solutions to address the above Ethernet LAN security issues:

Hardware Solutions for Ethernet LAN Security

   •   Use a switched network: A switch can segregate a network into many parts, which effectively prevents snooping and sniffing on a network. These switches also reduce network traffic by limiting messages to only the parts of the network on which they are needed, improving the efficiency of the whole network.
   •   Bridges and Routers: Bridges and routers are electronic filters which only pass a network message through themselves if the destination lies on the other side of the filter. Consequently if "the

Software Solutions for Ethernet LAN Security

   •   Encryption: Encrypting the data passing between your computer and its destination. There are many encryption technologies and products available which effectively protect information and data privacy. The popular encryption method used is PGP (Pretty Good Privacy).
   •   Authentication: Use a user name and password to authenticate users. It is necessary to encrypt the password and implement timestamps, making forgery extremely difficult.
   •   Combination technologies: Many new technologies are available which do both authentication and encryption. One such technology is Kerberos, which uses tokens, timestamps, tickets and encryption to make transactions between computers secure.
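The "Authentication" and "Combination technologies" points above (never send the password itself, add timestamps, Kerberos-style tickets) and the recorded-login replay problem at the top of this section can be shown with a keyed, timestamped authenticator and a replay cache on the server. The following is an added example written for this page; it is not code from the original document or from Kerberos. The shared key, the five-minute skew window, the user names and the time values are constructed assumptions.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed shared key for the example. In a Kerberos-style system this would be a key
# derived from the user's password; the password itself never travels over the LAN.
SHARED_KEY = b"example-shared-key-constructed-for-this-page"
MAX_SKEW_SECONDS = 300   # assumed clock-skew window (Kerberos uses five minutes)


def _canonical(body):
    """Stable byte encoding of the signed fields so client and server MAC the same bytes."""
    return json.dumps(body, sort_keys=True).encode()


def build_authenticator(user, key, now=None):
    """Client side: prove knowledge of the key over (user, timestamp, fresh nonce)."""
    now = time.time() if now is None else now
    body = {"user": user, "ts": int(now), "nonce": os.urandom(16).hex()}
    body["mac"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


class AuthenticatorVerifier:
    """Server side: check the MAC, enforce the time window, and refuse replayed recordings."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}   # (user, nonce) -> ts; only needs to cover the skew window

    def _expire(self, now):
        self._seen = {k: ts for k, ts in self._seen.items() if now - ts <= self.max_skew}

    def verify(self, msg, now=None):
        """Return (accepted, reason)."""
        now = int(time.time() if now is None else now)
        self._expire(now)
        try:
            body = {"user": msg["user"], "ts": int(msg["ts"]), "nonce": msg["nonce"]}
            presented = msg["mac"]
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        if not isinstance(presented, str):
            return False, "malformed"
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, presented):
            return False, "bad mac"            # forged or altered (e.g. user name swapped)
        if abs(now - body["ts"]) > self.max_skew:
            return False, "stale timestamp"    # old recording played back much later
        replay_key = (body["user"], body["nonce"])
        if replay_key in self._seen:
            return False, "replay"             # recording played back inside the window
        self._seen[replay_key] = body["ts"]
        return True, "ok"


def demo():
    """Legitimate login, the same recording replayed, a forged user name, and a stale message."""
    server = AuthenticatorVerifier(SHARED_KEY)
    t0 = 1_700_000_000   # constructed reference time
    genuine = build_authenticator("alice", SHARED_KEY, now=t0)
    return {
        "first": server.verify(genuine, now=t0 + 1),
        "replay": server.verify(genuine, now=t0 + 30),
        "forgery": server.verify(dict(genuine, user="mallory"), now=t0 + 2),
        "stale": server.verify(build_authenticator("alice", SHARED_KEY, now=t0 - 3600), now=t0),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:8} accepted={ok} ({why})")
```

The replay cache only has to remember nonces for the length of the skew window: anything older is already rejected by the timestamp check, which is why the two checks are ordered as they are.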
VLAN: Virtual Local Area Network and IEEE 802.1Q

Virtual LAN (VLAN) refers to a group of logically networked devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user/host management, bandwidth allocation and resource optimization.

There are the following types of Virtual LANs:

   1. Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
   2. MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
   3. ATM VLAN: the LAN Emulation (LANE) protocol is used to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.

ARP: Address Resolution Protocol

Types of ARP Attacks:

There are many ways an attacker can gain access to or exploit your system. It is not important how the attacker gains access to the system; once the intruder breaks into your system he can use it as he wishes. Following are some types of attacks that can result from ARP spoofing:

   •   Man-in-the-Middle (MIM)
   •   Denial of Services (DoS)
   •   Session Hijacking
   •   Sniffing
       o   Passwords
       o   Sensitive information
       o   Information gathering
   •   Broadcast Attacks

   •   Man-In-the-Middle (MIM) Attack:
Man-in-the-Middle (MIM) is a very common type of attack, in which an attacker inserts his computer between the communication paths of two target computers: he sniffs packets from the network, modifies them and then inserts them back into the network.

   •   Denial of Services (DoS) Attack:
A "Denial of Service (DoS)" attack is a flood of packets that consumes network resources and causes deadlock.

   •   Session Hijacking:
Session Hijacking is a process by which an attacker sees or listens to an active TCP connection between two other hosts, then inserts fake packets (in one or both directions) and takes control of the connection. This method is similar to the MIM attack.

   •   Sniffing (Passwords, Sensitive Information and Information Gathering):
Sniffing is a process of monitoring all information or reading the packets that are being transmitted on a network. An attacker can sniff network traffic and can also passively intercept network traffic. Then, through packet analysis, he might be able to determine login IDs and passwords and collect other sensitive data. There are many tools available for sniffing, such as Hunt, Sniffit, Ettercap, Snort and Dsniff.

They work as follows:
a) Ethernet was built around a "shared" principle: all machines on a local network share the same wire.
b) This implies that all machines are able to "see" all the traffic on the same wire.
c) Thus, Ethernet hardware is built with a "filter" that ignores all traffic that doesn't belong to it. It does this by ignoring all frames whose MAC address doesn't match.

   •   Broadcast Attacks:
This technique is used to send a large amount of ICMP echo request (Ping) traffic to all known IP broadcast addresses with the spoofed source address of the victim.

Strategy to overcome the constraints:

   •   Network Analyzer Tools and Sniffers: These allow you to inspect network traffic at every level of the network stack in various degrees of detail.
   •   Encryption: Encryption is an effective way to defend against sniffing and ARP spoofing. Encryption prevents any non-authorized party from reading or changing data.
   •   Intrusion Detection Systems (IDS): An IDS identifies attackers' attempts to attack or break into the network and misuse it. IDSs may monitor packets passing over the network, monitor system files, monitor log files, or set up deception systems that attempt to trap hackers. Port scans and Denial-of-Service attacks are an ongoing threat.

6- Defending the Network Layer:

Every layer of communication has its own unique security challenges. The Network Layer is especially weak for many Denial of Service attacks and information privacy problems. The most popular protocol used in the network layer is IP (Internet Protocol). The following are the key security risks at the Network Layer associated with IP:

   •   IP Spoofing: The intruder sends messages to a host with an IP address (not its own IP address) indicating that the message is coming from a trusted host, to gain unauthorized access to the host or other hosts. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
   •   Routing (RIP) attacks: Routing Information Protocol (RIP) is used to distribute routing information within networks, such as shortest paths, and to advertise routes out from the local network. RIP has no built-in authentication, and the information provided in a RIP packet is often used without verifying it.
   •   ICMP Attacks: ICMP is used by the IP layer to send one-way informational messages to a host. There is no authentication in ICMP, which leads to attacks using ICMP that can result in a denial of service, or allow the attacker to intercept packets. Denial of service attacks primarily use either the ICMP "Time exceeded" or "Destination unreachable" message. Both of these ICMP messages can cause a host to immediately drop a connection.
   •   PING Flood (ICMP Flood): PING is one of the most common uses of ICMP; it sends an ICMP "Echo Request" to a host and waits for that host to send back an ICMP "Echo Reply" message. The attacker simply sends a huge number of "ICMP Echo Requests" to the victim to make its system crash or slow down. This is an easy attack because many ping utilities support this operation, and the hacker doesn't need much knowledge.
   •   Packet Sniffing: Because most network applications distribute network packets in clear text, a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords. A packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the database. This causes serious information privacy problems and provides tools for crimes.

IPSec:

Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream.

IPSec provides security services at the network layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPSec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

The set of security services that IPSec can provide includes access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality. Because these services are provided at the IP layer, they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP, etc.

These objectives are met through the use of two traffic security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. The set of IPSec protocols employed in any context, and the ways in which they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.

Protocol Structure:
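The ARP attack list above (MIM, session hijacking, sniffing) and the "Intrusion Detection Systems" strategy come together in the kind of rule an IDS or arpwatch-style monitor applies to observed ARP replies: a pinned gateway answering from an unexpected MAC, an IP whose MAC "flip-flops", and one MAC claiming several IPs at once. The following is an added example written for this page, not code from the original document or from any IDS product; the capture, the addresses and the trusted gateway pin are constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply: who claims to own which IP, as a sniffer or IDS records it."""
    ts: float
    sender_ip: str
    sender_mac: str


@dataclass(frozen=True)
class Alert:
    kind: str      # "untrusted-gateway", "flip-flop" or "multi-ip"
    ts: float
    ip: str
    mac: str
    note: str


# Constructed sample capture (not from the paper). The gateway 192.168.1.1 and two hosts
# answer normally; from t=5.0 the host 192.168.1.50 starts answering for both the gateway
# and 192.168.1.10, the cache-poisoning pattern behind the MIM and session-hijacking attacks.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "192.168.1.10", "aa:bb:cc:00:00:10"),
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(2.0, "192.168.1.50", "cc:cc:cc:00:00:50"),
    ArpReply(5.0, "192.168.1.1", "cc:cc:cc:00:00:50"),
    ArpReply(5.1, "192.168.1.10", "cc:cc:cc:00:00:50"),
    ArpReply(6.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
]

# Static IP->MAC pins for critical hosts (assumed to be maintained by the network team).
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies, trusted=None, max_ips_per_mac=1):
    """Replay ARP replies in time order and return the alerts an IDS rule set would raise."""
    trusted = trusted or {}
    ip_to_mac = {}                    # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)     # every IP a MAC has claimed so far
    alerts = []
    for r in sorted(replies, key=lambda x: x.ts):
        # 1. A pinned host (the gateway) answered from a MAC other than the one on record.
        if r.sender_ip in trusted and trusted[r.sender_ip] != r.sender_mac:
            alerts.append(Alert("untrusted-gateway", r.ts, r.sender_ip, r.sender_mac,
                                f"expected {trusted[r.sender_ip]}"))
        # 2. The same IP changed MAC ("flip-flop"), the classic arpwatch signal.
        prev = ip_to_mac.get(r.sender_ip)
        if prev is not None and prev != r.sender_mac:
            alerts.append(Alert("flip-flop", r.ts, r.sender_ip, r.sender_mac, f"was {prev}"))
        ip_to_mac[r.sender_ip] = r.sender_mac
        # 3. One MAC claims more IPs than a single host should (both ends of a MIM).
        before = len(mac_to_ips[r.sender_mac])
        mac_to_ips[r.sender_mac].add(r.sender_ip)
        after = len(mac_to_ips[r.sender_mac])
        if after > before and after > max_ips_per_mac:
            alerts.append(Alert("multi-ip", r.ts, r.sender_ip, r.sender_mac,
                                f"claims {sorted(mac_to_ips[r.sender_mac])}"))
    return alerts


def alert_counts(replies, trusted=None):
    """Summary by alert kind, convenient for thresholds in an IDS rule."""
    return Counter(a.kind for a in detect_arp_spoofing(replies, trusted))


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE, TRUSTED):
        print(f"{a.ts:5.1f}  {a.kind:<18} {a.ip:<14} {a.mac}  ({a.note})")
```

The first four replies produce no alerts; the poisoning from t=5.0 on raises six, and the final flip-flop at t=6.0 is the real gateway still answering for itself, which is exactly the oscillation a poisoned cache shows. Hosts that legitimately own several addresses (routers, virtual IPs) need a higher `max_ips_per_mac` or a pin in `trusted`.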
7- Defending the Transport Layer:

The Transport Layer is especially weak for the Denial of Service (DOS) attack or Distributed Denial of Service (DDOS) attack. The two most popular protocols used in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The following are the key security risks at the Transport Layer associated with TCP and UDP:

   •   TCP "SYN" attack is also known as SYN Flooding. It takes advantage of a flaw in how most hosts implement the TCP three-way handshake. When Host B receives the SYN request from A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds. Many implementations can only keep track of a very limited number of connections. A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK the other host sends back. By doing so, the other host's listen queue is quickly filled up, and it will stop accepting new connections until a partially opened connection in the queue is completed or times out. This ability to remove a host from the network for at least 75 seconds can be used as a denial-of-service attack, or it can be used as a tool to implement other attacks, like IP Spoofing.
   •   SSL Man-in-the-Middle Attacks: SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. One faulty SSL client implementation, Microsoft I Explorer, allows for transparent SSL attacks. SSL that would warn the user about problems with the server certificate.
   •   TCP Connection Hijacking is also known as a Man-in-the-Middle attack. With this attack, an attacker can allow normal authentication to proceed between the two hosts, and then seize control of the connection. There are two possible ways to do this: one is during the TCP three-way handshake, and the other is in the middle of an established connection.
   •   UDP Flood Attack: UDP is a connectionless protocol and it does not require any connection setup procedure to transfer data. A UDP Flood Attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it will determine what application is waiting on the destination port. When it realizes that there is no application waiting on the port, it will generate an ICMP destination unreachable packet to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down.

The three-way handshake in the Transmission Control Protocol is the method used to establish and tear down network connections. This handshaking technique is referred to as the 3-way handshake or as "SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK). The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network connection before beginning communication.

   •   Host A sends a TCP SYNchronize packet to Host B
   •   Host B receives A's SYN
   •   Host B sends a SYNchronize-ACKnowledgement
   •   Host A receives B's SYN-ACK
   •   Host A sends ACKnowledge
   •   Host B receives ACK. TCP connection is ESTABLISHED.

Transport Layer Security:

Transport Layer Security provides a way for you to create a secure network connection between a client and a server by encrypting the connection between both entities. Transport Layer Security is similar to Secure Sockets Layer because both protocols provide security for applications such as email, Instant Messaging, Web browsing and VoIP (Voice over Internet Protocol).

Transport Layer Security is used within organizations that use payment processes, store sensitive data such as medical information, or collect confidential information from the users on the network, and can also be used by other businesses that want to secure network connections between the client and the server.

Transport Layer Security involves the use of an encryption system which utilizes a digital certificate that is formulated to identify the network owner, as well as to create public keys that are used to encrypt communications over the network. The certificate is installed on the portion of the server that requires encryption.

When the client logs onto the network, a message is sent to the server that identifies the client. The server will then return a message and list the cryptographic methods that are to be used for communication, to ensure the client and the server are communicating in the same language.

   •   Different Types of Transport Layer Security

There are several different types of Transport Layer Security depending upon the encryption requirements of the organization.
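The SYN flooding description above (a listen queue of limited size, half-open entries held for at least 75 seconds, no final ACK from the attacker) can be reproduced as a small model of the server side, which also shows the simplest detection signal: a single source holding many half-open slots at once. The following is an added example written for this page, not code from the original document or from any operating system's TCP stack; the backlog size of 5, the flagging threshold of 3 and the packet trace are constructed, and the 75-second timeout is the figure the text cites.

```python
from collections import Counter
from dataclasses import dataclass

HALF_OPEN_TIMEOUT = 75.0   # seconds a half-open entry stays queued, the figure the text cites


@dataclass(frozen=True)
class Segment:
    """A TCP segment as seen at the listening host (only the fields this model needs)."""
    ts: float
    src: str
    sport: int
    flags: str   # "S" = SYN, "A" = final ACK of the handshake


class ListenQueue:
    """Model of the server's listen queue from the SYN-flood description above."""

    def __init__(self, backlog, timeout=HALF_OPEN_TIMEOUT, flag_threshold=3):
        self.backlog = backlog
        self.timeout = timeout
        self.flag_threshold = flag_threshold
        self.half_open = {}      # (src, sport) -> time the SYN arrived
        self.established = 0
        self.dropped = 0         # SYNs refused because the queue was full
        self.flagged = set()     # sources that held >= flag_threshold half-open slots at once

    def _expire(self, now):
        # Entries older than the timeout are discarded, freeing their slots.
        self.half_open = {k: t for k, t in self.half_open.items() if now - t <= self.timeout}

    def on_segment(self, seg):
        """Apply one segment and report what happened to it."""
        self._expire(seg.ts)
        key = (seg.src, seg.sport)
        if seg.flags == "S":
            if key in self.half_open:
                return "duplicate"
            if len(self.half_open) >= self.backlog:
                self.dropped += 1          # queue full: legitimate clients are refused here
                return "dropped"
            self.half_open[key] = seg.ts
            held = sum(1 for (src, _) in self.half_open if src == seg.src)
            if held >= self.flag_threshold:
                self.flagged.add(seg.src)  # detection signal: one source hoards slots
            return "half-open"
        if seg.flags == "A" and key in self.half_open:
            del self.half_open[key]
            self.established += 1
            return "established"
        return "ignored"


# Constructed trace: one legitimate client completes its handshake, five SYNs from one
# source are never completed, a second legitimate client is refused while the queue is
# full, and a third is accepted after the 75-second timeout has cleared the stale entries.
SAMPLE = [
    Segment(0.0, "10.0.0.5", 40000, "S"),
    Segment(0.1, "10.0.0.5", 40000, "A"),
    Segment(1.0, "203.0.113.9", 1000, "S"),
    Segment(1.1, "203.0.113.9", 1001, "S"),
    Segment(1.2, "203.0.113.9", 1002, "S"),
    Segment(1.3, "203.0.113.9", 1003, "S"),
    Segment(1.4, "203.0.113.9", 1004, "S"),
    Segment(2.0, "10.0.0.6", 40001, "S"),
    Segment(80.0, "10.0.0.7", 40002, "S"),
    Segment(80.1, "10.0.0.7", 40002, "A"),
]


def replay(segments, backlog=5):
    """Feed a trace through the queue; returns the queue and a count of each outcome."""
    queue = ListenQueue(backlog)
    outcomes = Counter(queue.on_segment(s) for s in sorted(segments, key=lambda s: s.ts))
    return queue, outcomes


if __name__ == "__main__":
    q, out = replay(SAMPLE)
    print(dict(out), "flagged:", sorted(q.flagged))
```

With a backlog of 5 the five unanswered SYNs are enough to refuse the client at t=2.0, and nothing recovers until the entries time out, which is the 75-second outage the text describes. Real stacks use far larger backlogs, but the relationship between backlog, timeout and the SYN rate an attacker needs is the same, and the per-source count is the quantity a rate limit or a firewall rule acts on.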
   •   Web Server Transport Layer Security: This type of encryption protects the data when the client connects to the Internet to send data through a Web browser or website. The TLS encryption provides a secure Web server and prevents the data from being intercepted by an unauthorized user.
   •   Email Server Transport Layer Security: To secure communications between the email client and the server, a digital certificate is installed on the email server to provide encrypted communications when sending and receiving confidential information via email.
   •   Virtual Private Network Security: Transport Layer Security works to secure a virtual private network appliance by installing a digital certificate on the VPN appliance that provides an encrypted connection between the remote user and the network that they are accessing.
   •   Database and Directory Security: Organizations deploy Transport Layer Security to encrypt server queries for databases and directories that contain sensitive data and information.

8- Defending the Session Layer:

Protocols that assist it are discussed.

NetBIOS:

NetBIOS is a protocol that Microsoft Windows systems use to share resources. For example, if a PC running Windows wants to connect to and access a share on a file server, it probably uses NetBIOS. SMB, the method used to access file and printer shares, can also run independently of NetBIOS over TCP ports 139 and 445. Both of these approaches, however, tend to increase the attack surface of a network.

The ports that we'd have to open to the Internet are UDP/137, UDP/138, and TCP/139. Unfortunately, NetBIOS on these ports is the most popular attacker target. Once an attacker discovers an active port 139 on a device, he can run NBSTAT to begin the very important first step of an attack: footprinting. With the NBSTAT command, he can obtain some or all of the following information:

   •   Computer name
   •   Contents of the remote name cache, including IP addresses
   •   A list of local NetBIOS names
   •   A list of names resolved by broadcast or via WINS
   •   Contents of the session table with the destination IP addresses

Defending against external NetBIOS connections

   •   Disabling the system's ability to support null sessions
   •   Defining very strong passwords for the local administrator accounts
   •   Defining very strong passwords for shares, assuming you absolutely have to have shares on exposed systems

9- Defending the Presentation Layer:

S/MIME security:

S/MIME support is one of Outlook's unheralded important features. It gives you end-to-end protection:

   •   S/MIME is tailored for end-to-end security. Encryption will not only encrypt your messages, but also malware. Thus if your mail is scanned for malware anywhere but at the end points, such as your company's gateway, encryption will defeat the detector and successfully deliver the malware. Solutions:
       o   Perform malware scanning on end user stations after decryption.
       o   Use message content scanners specifically designed to check the content of encrypted messages.

10- Defending the Application Layer:

   1. SMTP: Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP) is a protocol designed to transfer electronic mail reliably and efficiently. SMTP is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification regarding incoming mail.

SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. An important feature of SMTP is its capability to transport mail across networks, usually referred to as "SMTP mail relaying". Using SMTP, a process can transfer mail to another process on the same network or to some other network via a relay or gateway process accessible to both networks.

In this way, a mail message may pass through a number of intermediate relay or gateway hosts on its path from sender to ultimate recipient. The Mail eXchanger mechanisms of the domain name system are used to identify the appropriate next-hop destination for a message being transported.
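Two decisions a mail gateway has to make follow from the sections above: the S/MIME point that an encrypted message cannot be scanned at the gateway and must be scanned on the end-user station after decryption, and the relay restriction discussed next under SMTP Security (relay only for clients on the provider's own network). The following is an added example written for this page, not code from the original document or from any mail server; the local network range, the addresses and the three sample messages (the base64 body is a placeholder, not a real CMS object) are constructed.

```python
import ipaddress
from email import message_from_string

# Constructed policy data (not from the paper): the provider's own client range and the
# MIME types that carry S/MIME CMS objects (the x- form is the older registered name).
LOCAL_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def relay_allowed(client_ip, authenticated, local_networks=LOCAL_NETWORKS):
    """Accept mail for relay only from the provider's own network or an authenticated submitter."""
    if authenticated:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in local_networks)


def gateway_disposition(raw_message):
    """Decide whether a gateway content scanner can inspect the message body.

    Returns one of:
      "scan-at-gateway"    plain or clear-signed (multipart/signed) content is readable here
      "scan-after-unwrap"  opaque-signed CMS: not encrypted, readable once the CMS wrapper is removed
      "defer-to-endpoint"  enveloped (encrypted) CMS: only the recipient can decrypt, so malware
                           scanning must run on the end-user station after decryption
    """
    msg = message_from_string(raw_message)
    for part in msg.walk():
        if part.get_content_type() in SMIME_TYPES:
            smime_type = part.get_param("smime-type")
            if smime_type == "signed-data":
                return "scan-after-unwrap"
            return "defer-to-endpoint"   # enveloped-data, or unknown: treat as opaque
    return "scan-at-gateway"


# Constructed sample messages.
PLAIN = (
    "From: alice@example.test\n"
    "To: bob@example.test\n"
    "Subject: report\n"
    "Content-Type: text/plain\n"
    "\n"
    "Quarterly numbers attached in the next mail.\n"
)

ENVELOPED = (
    "From: alice@example.test\n"
    "To: bob@example.test\n"
    "Subject: confidential\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "MIAGCSqGSIb3DQEHA6CAMIACAQAxggE=\n"   # placeholder bytes, not a real CMS structure
)

OPAQUE_SIGNED = ENVELOPED.replace("smime-type=enveloped-data", "smime-type=signed-data")


if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("enveloped", ENVELOPED), ("signed", OPAQUE_SIGNED)]:
        print(f"{name:10} -> {gateway_disposition(raw)}")
    print("relay from 198.51.100.7:", relay_allowed("198.51.100.7", authenticated=False))
    print("relay from 203.0.113.9: ", relay_allowed("203.0.113.9", authenticated=False))
```

A gateway that returns "defer-to-endpoint" should still enforce everything it can see (headers, size, recipient policy) and record that the body went through unscanned, so that the endpoint scanner's result can be correlated with it later.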
   •   Security:
One of the ways to restrict access to an outgoing mail server is to verify that the computer is on the ISP's local network. When you dial your modem and connect to your ISP, your computer is given an IP address that identifies you as being a part of that ISP's network. If you have two ISPs and dial up to one and then connect to the other's mail server, it may prevent you from relaying mail because your computer is not identified as being on the local network of the provider whose mail server you are sending through. In this case, you should try to use the SMTP server of the provider you have used to dial up and connect to the Internet.

   2. SNMP: Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes (servers, workstations, routers, switches, hubs etc.) on an IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.

An SNMP managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices.

   •   SNMP v1: Basic Operations and Features
   •   SNMP v2: Additional Operations
   •   SNMP v3: Security Enhancement

Why Security is Important in SNMP:

The need for security in SNMP is obvious because the MIB objects being communicated contain critical information about network devices. We don't want just anyone "snooping" into our network to find out our IP addresses, or how long our machines have been running, or whether our links are down, or pretty much anything else.

   3. DHCP

DHCP spoofing

DHCP spoofing is a type of attack on a DHCP server to obtain IP addresses using spoofed DHCP messages. In the cases where the DHCP server is on a remote network, and an IP address is required to access the
network, but since the DHCP server supplies the IP address, the requester is at an impasse. To supply access to the network, when the Pipeline receives a DHCP Discover packet (a request for an IP address from a PC on the network), it responds with a DHCP Offer packet containing the configured (spoofed) IP address and a renewal time, which is set to a few seconds. The requester then has access to the DHCP server and gets a real IP address. (Other variations exist in environments where the APP server utility is running.)

DHCP Starvation

A DHCP starvation attack works by broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with attack tools such as gobbler. If enough requests are sent, the network attacker can exhaust the address space available to the DHCP servers for a period of time. This is a simple resource starvation attack, just like a SYN flood is a starvation attack. The network attacker can then set up a rogue DHCP server on his or her system and respond to new DHCP requests from clients on the network. Exhausting all of the DHCP addresses is not required to introduce a rogue DHCP server, though.

DHCP Starvation Attack

Once the address space is exhausted, a legitimate user is denied an address when requesting a DHCP IP address and thus is not able to access the network. DHCP starvation may be purely a denial of service (DoS) mechanism or may be used in conjunction with a malicious rogue server attack to redirect traffic to a malicious computer ready to intercept traffic.

When the normal DHCP server is down, the network attacker can then set up a rogue DHCP server on his or her system and respond to new DHCP requests from clients on the network. An intruder may issue an address with DNS server information or default gateway information that redirects traffic to a computer under the control of the intruder.

DHCP Starvation Attack Mitigation

Limiting the number of MAC addresses allowed on a switch port reduces the risk of a DHCP starvation attack. When more systems implement RFC 3118, Authentication for DHCP Messages, DHCP starvation attacks will become more difficult.

Adding Security to DHCP

Since DHCP runs over UDP and IP, one could use IPSec at layer three to provide authentication.

   4. FTP: File Transfer Protocol

File Transfer Protocol (FTP) enables file sharing between hosts. FTP uses TCP to create a virtual connection for control information and then creates a separate TCP connection for data transfers. The control connection uses an image of the

The key functions of FTP, as RFC 959 states them, are:

1) to promote sharing of files (computer programs and/or data),
2) to encourage indirect or implicit (via programs) use of remote computers,
3) to shield a user from variations in file storage systems among hosts, and
4) to transfer data reliably and efficiently.

FTP, though usable directly by a user at a terminal, is designed mainly for use by programs.

FTP has little security protection when performing file transfers: both the user's password and the data are sent in clear text, so anyone able to sniff the path sees them. To make file transfers more secure, several alternatives to plain FTP are in use, including SFTP, SSH-protected FTP and BBFTP:

   •   SFTP: this transfer method encrypts both the password and the data being transferred. The original guidance was that, because of the encryption overhead, it should only be used to transfer small (1-10KB) files containing sensitive data, and that large files that do not contain sensitive information should be transferred via a method that does not encrypt data. That advice reflects the hardware of its time; on current systems the overhead is negligible, and SFTP is the normal choice for files of any size.

   •   SSH-protected FTP: this method tunnels the FTP control connection through SSH, so the password is encrypted, but the separate data connection is NOT encrypted. As a result, it should only be used to transfer large (and small) files that do NOT contain sensitive information. Files that contain sensitive information should be transferred with SFTP.

S-FTP, or Secure FTP, S/FTP

"Secure FTP" (S-FTP or S/FTP) is used loosely for the secured variants of file transfer. Mainly, it adds encryption to the FTP contents, which are sent in clear text by the original FTP. Two different protocols hide behind the name and they are not interchangeable: FTPS is FTP itself extended with TLS (RFC 4217; the client sends AUTH TLS on the control connection, and PROT P then protects the data connections as well), whereas SFTP is the SSH File Transfer Protocol, a separate file-access protocol that runs as an SSH subsystem on TCP port 22 and shares nothing with FTP on the wire. Secure FTP clients and servers are available on almost all operating systems, including Windows, UNIX, and Macintosh.

   5. Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol, which provides encryption of the traffic and authenticated identification of the server through its certificate. It normally runs on TCP port 443.

S-HTTP: Secure Hypertext Transfer Protocol

Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications.

Secure HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as to the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP. Unlike HTTPS, which wraps the whole connection in TLS, S-HTTP signs or encrypts individual messages. It was published as an experimental specification (RFC 2660) and saw almost no deployment; HTTPS is what browsers and servers actually use.
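The following added example (written for this edit, not part of the original paper) makes the FTP and Secure FTP points above concrete. It walks a constructed FTP control-channel exchange and reports what a passive eavesdropper on the path learns under plain FTP, under an SSH-tunnelled control connection, and under FTPS with AUTH TLS and PROT P. The host name, addresses, user name, password and file name are all constructed, and the "sessions" are logical command sequences rather than packet captures.

```python
"""Added example, not from the original paper: walk an FTP control-channel
exchange and report what a passive eavesdropper on the path would learn.
It models plain FTP, FTP with only the control connection tunnelled through
SSH, and FTPS (FTP over TLS, RFC 4217). The sessions, host name, addresses
and credentials below are constructed for the demo."""
import re

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2): data port = p1*256 + p2
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def analyse_session(lines, control_tunnelled=False):
    """lines are 'C: <command>' / 'S: <reply>' strings in wire order.
    control_tunnelled=True models the control connection carried inside an
    SSH port forward: its contents are opaque from the start, but the
    separate data connection still leaves the host as plain TCP."""
    exposed = {"user": None, "password": None, "data_in_clear": []}
    control_encrypted = control_tunnelled   # becomes True once AUTH TLS is accepted
    data_encrypted = False                  # becomes True on PROT P over TLS
    auth_pending = False
    pasv_endpoint = None
    for line in lines:
        side, _, text = line.partition(": ")
        cmd, _, arg = text.partition(" ")
        cmd = cmd.upper()
        if side == "C":
            if cmd == "AUTH" and arg.upper() == "TLS":
                auth_pending = True
            elif cmd == "USER" and not control_encrypted:
                exposed["user"] = arg
            elif cmd == "PASS" and not control_encrypted:
                exposed["password"] = arg
            elif cmd == "PROT":
                # PROT P only protects data once TLS already protects the control channel
                data_encrypted = control_encrypted and arg.upper() == "P"
            elif cmd in ("RETR", "STOR") and not data_encrypted:
                # the eavesdropper sees the data stream itself; the endpoint is taken
                # from the logical exchange so the report can say where it went
                exposed["data_in_clear"].append((arg, pasv_endpoint))
        else:
            if auth_pending and text.startswith("234"):
                control_encrypted, auth_pending = True, False
            m = PASV_RE.match(text)
            if m:
                h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                pasv_endpoint = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
    return exposed

# constructed sessions
PLAIN_FTP = [
    "S: 220 ftp.example.test FTP server ready",
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS hunter2",
    "S: 230 Login successful",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: RETR payroll.csv",
    "S: 150 Opening BINARY mode data connection",
    "S: 226 Transfer complete",
    "C: QUIT",
]
FTPS = [
    "S: 220 ftp.example.test FTP server ready",
    "C: AUTH TLS",
    "S: 234 Proceed with negotiation",   # TLS handshake follows on the control socket
    "C: USER alice",
    "S: 331 Password required for alice",
    "C: PASS hunter2",
    "S: 230 Login successful",
    "C: PBSZ 0",
    "S: 200 PBSZ=0",
    "C: PROT P",
    "S: 200 Protection set to Private",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,0,2,10,195,81)",
    "C: RETR payroll.csv",
    "S: 150 Opening BINARY mode data connection",
    "S: 226 Transfer complete",
    "C: QUIT",
]

if __name__ == "__main__":
    print("plain FTP:      ", analyse_session(PLAIN_FTP))
    print("SSH-tunnelled:  ", analyse_session(PLAIN_FTP, control_tunnelled=True))
    print("FTPS (AUTH TLS):", analyse_session(FTPS))
```

The middle case is the one the SSH-protected FTP bullet warns about: the credentials disappear from the wire, but the PASV reply still points the client at the server's real address and the file crosses the network on a second, unprotected TCP connection. Only FTPS with PROT P, or SFTP (which has no separate data connection at all), closes that gap.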




          11- References:

                 • Web Sites
   •   http://www.infosecwriters.com
   •   http://www.javvin.com
   •   http://www.spamlaws.com
   •   http://www.inetdaemon.com
   •   http://blogs.techrepublic.com.com
   •   http://en.wikipedia.org
                   • Books
   •   Hack The Stack
   •   Network Management Fundamental
   •   Network Security Essential

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
Subnetting
SubnettingSubnetting
Subnetting
 
IP Address
IP AddressIP Address
IP Address
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Key management
Key managementKey management
Key management
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 
Email security
Email securityEmail security
Email security
 
Network security policies
Network security policiesNetwork security policies
Network security policies
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Cia security model
Cia security modelCia security model
Cia security model
 
Web Security
Web SecurityWeb Security
Web Security
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Ip address presentation
Ip address presentationIp address presentation
Ip address presentation
 
IP Security
IP SecurityIP Security
IP Security
 
Security Attacks.ppt
Security Attacks.pptSecurity Attacks.ppt
Security Attacks.ppt
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
IP addressing seminar ppt
IP addressing seminar pptIP addressing seminar ppt
IP addressing seminar ppt
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 

Andere mochten auch

Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication rajakhurram
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer SecurityChhatra Thapa
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network securitybabak danyal
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocolsOnline
 
Telecommunications and Network Security Presentation
Telecommunications and Network Security PresentationTelecommunications and Network Security Presentation
Telecommunications and Network Security PresentationWajahat Rajab
 
Osi model
Osi modelOsi model
Osi modelOnline
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 

Andere mochten auch (19)

Network security
Network securityNetwork security
Network security
 
Network Security Lec5
Network Security  Lec5Network Security  Lec5
Network Security Lec5
 
Key management
Key managementKey management
Key management
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
Transport Layer Security
Transport Layer SecurityTransport Layer Security
Transport Layer Security
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Telecommunications and Network Security Presentation
Telecommunications and Network Security PresentationTelecommunications and Network Security Presentation
Telecommunications and Network Security Presentation
 
E banking security
E banking securityE banking security
E banking security
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Ipsec
IpsecIpsec
Ipsec
 
Osi model
Osi modelOsi model
Osi model
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network security
Network securityNetwork security
Network security
 
OSI Model
OSI ModelOSI Model
OSI Model
 

Ähnlich wie Network security at_osi_layers

OSI reference Model
OSI reference ModelOSI reference Model
OSI reference ModelJohnson Ubah
 
Topology Chapter 2.pptx
Topology Chapter 2.pptxTopology Chapter 2.pptx
Topology Chapter 2.pptxTadeseBeyene
 
BAPANKAR15800121011 SOFT.pptx
BAPANKAR15800121011 SOFT.pptxBAPANKAR15800121011 SOFT.pptx
BAPANKAR15800121011 SOFT.pptxBapanKar2
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA Aiman Hud
 
06 - OSI Model.ppt
06 - OSI Model.ppt06 - OSI Model.ppt
06 - OSI Model.pptssuserf7cd2b
 
06 - OSI Model.ppt
06 - OSI Model.ppt06 - OSI Model.ppt
06 - OSI Model.pptssuserf7cd2b
 
computer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptxcomputer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptxgadisaAdamu
 
Computer_Network
Computer_NetworkComputer_Network
Computer_NetworkRavi Jiyani
 
006 Osi Model
006 Osi Model006 Osi Model
006 Osi ModelBELKA08
 
Networking (osi model)
Networking (osi model)Networking (osi model)
Networking (osi model)Pooja Bhojwani
 

Ähnlich wie Network security at_osi_layers (20)

Learn basics of ip addressing
Learn basics of  ip addressingLearn basics of  ip addressing
Learn basics of ip addressing
 
01 pengenalan
01 pengenalan01 pengenalan
01 pengenalan
 
OSI Layers
OSI LayersOSI Layers
OSI Layers
 
OSI reference Model
OSI reference ModelOSI reference Model
OSI reference Model
 
Topology Chapter 2.pptx
Topology Chapter 2.pptxTopology Chapter 2.pptx
Topology Chapter 2.pptx
 
OsI reference model
OsI reference modelOsI reference model
OsI reference model
 
BAPANKAR15800121011 SOFT.pptx
BAPANKAR15800121011 SOFT.pptxBAPANKAR15800121011 SOFT.pptx
BAPANKAR15800121011 SOFT.pptx
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA
 
Ccna notes
Ccna notesCcna notes
Ccna notes
 
06 - OSI Model.ppt
06 - OSI Model.ppt06 - OSI Model.ppt
06 - OSI Model.ppt
 
06 - OSI Model.ppt
06 - OSI Model.ppt06 - OSI Model.ppt
06 - OSI Model.ppt
 
computer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptxcomputer network and chapter 7 OSI layers.pptx
computer network and chapter 7 OSI layers.pptx
 
Computer_Network
Computer_NetworkComputer_Network
Computer_Network
 
chapter 4.pptx
chapter 4.pptxchapter 4.pptx
chapter 4.pptx
 
006 Osi Model
006 Osi Model006 Osi Model
006 Osi Model
 
Bhargava Presentation.ppt
Bhargava Presentation.pptBhargava Presentation.ppt
Bhargava Presentation.ppt
 
Bhargava Presentation.ppt
Bhargava Presentation.pptBhargava Presentation.ppt
Bhargava Presentation.ppt
 
Networking (osi model)
Networking (osi model)Networking (osi model)
Networking (osi model)
 
Wp simoneau osi_model
Wp simoneau osi_modelWp simoneau osi_model
Wp simoneau osi_model
 
Avani
AvaniAvani
Avani
 

Mehr von Federal Urdu University (20)

Ntc internship report
Ntc internship reportNtc internship report
Ntc internship report
 
Network Security Lec4
Network Security Lec4Network Security Lec4
Network Security Lec4
 
Network Security
Network SecurityNetwork Security
Network Security
 
Unix
UnixUnix
Unix
 
Os Linux Documentation
Os Linux DocumentationOs Linux Documentation
Os Linux Documentation
 
Os Linux
Os LinuxOs Linux
Os Linux
 
Maria Managment Spectrum
Maria Managment SpectrumMaria Managment Spectrum
Maria Managment Spectrum
 
Zohaib Dfd
Zohaib DfdZohaib Dfd
Zohaib Dfd
 
Zeeshan Estimation
Zeeshan EstimationZeeshan Estimation
Zeeshan Estimation
 
Zahid Asd
Zahid AsdZahid Asd
Zahid Asd
 
Umar Erd
Umar ErdUmar Erd
Umar Erd
 
Sohrab Waterfall Vs Rad
Sohrab Waterfall Vs RadSohrab Waterfall Vs Rad
Sohrab Waterfall Vs Rad
 
Sidra Agile Software Process
Sidra Agile Software ProcessSidra Agile Software Process
Sidra Agile Software Process
 
Muzammil Prescriptive Vs Agile Process Models
Muzammil Prescriptive Vs Agile Process ModelsMuzammil Prescriptive Vs Agile Process Models
Muzammil Prescriptive Vs Agile Process Models
 
Muzammil Agile Vs Prescriptive
Muzammil Agile Vs PrescriptiveMuzammil Agile Vs Prescriptive
Muzammil Agile Vs Prescriptive
 
Khurram Spiral
Khurram SpiralKhurram Spiral
Khurram Spiral
 
Hira Xp
Hira XpHira Xp
Hira Xp
 
G4 Group
G4 GroupG4 Group
G4 Group
 
Faisal Incremental Model
Faisal Incremental ModelFaisal Incremental Model
Faisal Incremental Model
 
Ather Proactive Vs Reactive
Ather Proactive Vs ReactiveAther Proactive Vs Reactive
Ather Proactive Vs Reactive
 

Kürzlich hochgeladen

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Network security at_osi_layers

  • 1. Network Security at OSI Layers Muhammad Muzammil Syed Zeeshan Nasir Department of computer science FUUAST, Islamabad 1-OSI Model: Network Routing and routable protocols such as IP and Open Shortest Path In 1983, the International Organization for First (OSPF). Path control Standardization (ISO) and the International and best effort at delivery Telegraph and Telephone Consultative Data link Network interface cards, Committee (CCITT) merged documents and Media Access Control (MAC) developed the OSI model, which is based on addresses, a specific hierarchy where each layer builds framing, formatting, and on the output of each adjacent layer. organizing data The OSI model is a protocol stack where the Physical Transmission media such as lower layers deal primarily with hardware, twisted-pair cabling, and the upper layers deal primarily with wireless systems, software. The OSI model’s seven layers are and fiber-optic cable designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown: Layers Functionality 1.2-Functions of OSI Model: Application Application support such as File Transfer Protocol (FTP), The OSI model functions as follows: Telnet, and 1. Information is introduced into the Hypertext Transfer Protocol application layer and passed down until it (HTTP) ends up at the physical layer. Presentation Encryption, Server Message 2. Next, it is transmitted over the physical Block (SMB), American medium (i.e., wire, coax, or wireless) and Standard Code sent to the target device. for Information Interchange 3. Once at the target device, it proceeds (ASCII), and formatting back up the stack to the application layer. Session Data flow control, startup, shutdown, and error detection/ Correction Transport End-to-end communications, UDP and TCP services
  • 2. send data either quickly or reliably. 1.3-Explanation of Layers: Transport layer responsibilities include end- to-end error recovery and flow control. The The Application Layer: two primary protocols found on this layer Layer 7 is known as the application layer. include: Recognized as the official top layer of the • TCP A connection-oriented protocol; OSI model, this layer serves as the window provides reliable communication for application services. using handshake acknowledgments, error detection, and session The Presentation Layer: teardown. Layer 6 is known as the presentation layer. • UDP A connectionless protocol; The main purpose of the presentation layer offers speed and low overhead as its is to deliver and present data to the primary advantage. application layer. This data must be formatted so that the application layer can The Network Layer: understand and interpret it. The Layer 3 is known as the network layer, presentation layer is responsible for items which is fixed to software and deals with such as: packets. The network layer is the home of • Encryption and decryption of the IP, which offers best effort at delivery messages and seeks to find the best route from the • Compression and deCompression of source to the target network. Network- messages, format translation layer components include: • Handling protocol conversion • Routers • Stateless inspection/packet filters The Session Layer: Layer 5 is known as the session layer. Its The Data Link Layer: purpose is to allow two applications on Layer 2 is known as the data link layer and different computers to establish and is focused on traffic within a single local coordinate a session. It is also responsible area network (LAN).The data link layer for managing the session while information formats and organizes the data before and data are being moved. When a data sending it to the physical layer. 
Because it is transfer is complete, the session layer tears a physical scheme, hard-coded Mandatory down the session. Session-layer protocols Access Control (MAC) addresses are include: typically used. The data link layer organizes • Remote Procedure Call (RPC) the data into frames. When a frame reaches • Structured Query Language (SQL) the target device, the data link layer strips off the data frame and passes the data The Transport Layer: packet up to the network layer. Data-link- Layer 4 is known as the transport layer. layer components include: Whereas the application, presentation, and • Bridges session layers are primarily concerned with • Switches data, the transport layer is focused on • Network Interface Card (NIC) segments. Depending on the application • MAC addresses protocol being used, the transport layer can
  • 3. The Physical Layer: Layer 1 of the OSI model is known as the Telnet: physical layer. Bit-level communication Telnet is a TCP shell service that takes place at layer 1. Bits have no defined operates on port 23.Telnet enables a client meaning on the wire; however, the physical at one site to establish a session with a host layer defines how long each bit lasts and at another site. The program passes the how it is transmitted and received. Physical information typed at the client’s keyboard layer components include copper cabling, to the host computer system. While Telnet fiber cabling, wireless system components, can be configured to allow unidentified and Ethernet hubs. The physical layer in this connections, it should also be configured to book has been extended to include: require usernames and passwords. • Perimeter security Unfortunately, even then, Telnet sends • Device Security them in clear text. When a user is logged in, • Identification and authentication he or she can perform any allowed task. Simple Mail Transfer Protocol (SMTP): This application is a TCP service that 2-Attacks at OSI operates on port 25, and is designed to Layers: exchange electronic mail between networked systems. Messages sent through SMTP have two parts: an address header Let see the attacks on all layers of OSI and the message text. All types of Model. computers can exchange messages with The Application Layer: SMTP. Spoofing and spamming are two of Most of the applications listed in this the vulnerabilities associated with SMTP. section are totally insecure because they were written for a different time. Here’s a Domain Name Service (DNS): short list of some of the insecure This application operates on port 53, applications and high-level protocols: and performs address translation. DNS converts fully qualified domain names FTP: (FQDNs) into a numeric IP address and FTP is a TCP service that operates on converts IP addresses into FQDNs. 
DNS uses ports 20 and 21 and is used to move files UDP for DNS queries and TCP for zone from one computer to another. Port 20 is transfers. DNS is subject to poisoning and if used for the data stream, and transfers the misconfigured, can be solicited to perform a data between the client and the server. Port full zone transfer. 21 is the control stream, and is used to pass commands between the client and the FTP Trivial File Transfer Protocol (TFTP): server. Attacks on FTP target misconfigured TFTP operates on port 69, and is directory permissions and compromised or a connectionless version of FTP that uses sniffed clear text passwords. FTP is one of UDP to reduce overhead and reliability. It the most commonly hacked services. connectionless version of FTP that uses UDP to reduce overhead and reliability. It does
so without TCP session management or authentication, which can pose a big security risk. It is used to transfer router configuration files and to configure cable modems. People hacking those cable modems are known as uncappers.

Hypertext Transfer Protocol (HTTP):
HTTP is a TCP service that operates on port 80. HTTP helped make the Web the popular service that it is today. The HTTP connection model is known as a stateless connection. HTTP uses a request-response protocol where a client sends a request and a server sends a response. Attacks that exploit HTTP can target the server, the browser, or scripts that run on the browser. Nimda is an example of code that targeted a Web server.

Simple Network Management Protocol (SNMP):
SNMP is a UDP service that operates on ports 161 and 162, and was designed to be an efficient and inexpensive way to monitor networks. The SNMP protocol allows agents to gather information (e.g., network statistics) and report back to their management stations. Some of the security problems that plague SNMP are caused by the fact that community strings are passed as cleartext and the default community strings (public/private) are well known. SNMP version 3 is the most current and offers encryption for more robust security.

The Session Layer:
There is a weakness in the security controls at the presentation and session layers. Let's look at the Windows NT LanMan (NTLM) authentication system. Originally developed for Windows systems and then revised for Windows NT post service pack 2 systems, this security control proved to be an example of weak encryption (i.e., many passwords encrypted with this system could be cracked in less than 1 second because of the way Microsoft stored the hashed passwords). An NTLM password is uppercase, padded to 14 characters, and divided into seven-character parts. The two hashed results are concatenated and stored as a LAN Manager (LM) hash, which is stored in the SAM. The session layer is also vulnerable to attacks such as session hijacking. Network Basic Input/Output System (NetBIOS) is another service located in this area of the stack. NetBIOS was developed for IBM and adopted by Microsoft, and has become an industry standard. It allows applications on different systems to communicate through the LAN. On LANs, hosts using NetBIOS systems identify themselves using a 15-character unique name. Since NetBIOS is non-routable, Microsoft adapted it to run over Transmission Control Protocol/Internet Protocol (TCP/IP). NetBIOS is used in conjunction with SMB, which allows for the remote access of shared directories and files. This key feature of Windows makes file and print sharing and the Network Neighborhood possible. It also introduced other potential vulnerabilities into the stack by giving attackers the ability to enumerate systems and gather user names, accounts, and share information. Almost every script kiddie and junior league hacker has exploited the net use command.

The Transport Layer:
The transport layer is a common home for vulnerabilities, because it is where UDP and TCP live. Because UDP is connectionless, it's open for attackers to use for a host of denial of service (DoS)
attacks. It's also easy to spoof and requires no confirmation. TCP is another used and abused protocol. Port scanning and TCP make the hacker trade possible. Before a hacker can launch an attack, he or she must know what is running and what to target. TCP makes this possible. From illegal flag settings, NULL, and XMAS, to more common synchronous (SYN) and reset (RST) scans, TCP helps attackers identify services and operating systems.

The Network Layer:
At the network level are services such as IP and ICMP. IPv4 has no security services built in, which is why Secure Internet Protocol (IPSec) (a component of IPv6) was developed. Without IPSec, IP can be targeted for many types of attacks (e.g., DoS), abused through source routing, and tricked into zombie scanning ("IPID Scan"). While ICMP was developed for diagnostics and to help with logical errors, it is also the target of misuse. ICMP can be used to launch Smurf DoS attacks or can be subverted to become a covert channel with programs such as Loki.

The Data Link Layer:
The dangers are real at the data link layer. Conversion from logical to physical addressing must be done between the network and data link layers. Address Resolution Protocol (ARP) resolves logical to physical addresses. While critical for communication, it is also used by attackers to bypass switches and monitor traffic, which is known as ARP poisoning. Even without ARP poisoning, passive sniffing can be a powerful tool if the attacker positions himself or herself in the right place on the network.

The Physical Layer:
An attacker gaining access to the telecommunications closet, an open port in the conference room, or an unused office could be the foothold needed to breach the network or, even worse, gain physical access to a server or piece of equipment. It's a generally accepted fact that if someone gains physical access to an item, they can control it.

3-Countermeasures Found in Each Layer:
Security countermeasures are the controls used to protect the confidentiality, integrity, and availability of data and information systems. There is a wide array of security controls available at every layer of the stack. Overall security can be greatly enhanced by adding additional security measures, removing unneeded services, hardening systems, and limiting access.

• Virus Scanners: Antivirus programs can use one or more techniques to check files and applications for viruses. While virus programs didn't exist as a concept until 1984, they are now a persistent and constant problem, which makes maintaining antivirus software a requirement. These programs use a variety of techniques to scan and detect viruses, including signature scanning, heuristic scanning, integrity checks, and activity blocking.
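The ARP poisoning and passive sniffing described under The Data Link Layer above are normally countered by watching the segment for IP-to-MAC bindings that change or are announced without being asked for. The following is an added example, not from the original paper, of that detection logic (in the style of arpwatch) run over a constructed list of ARP replies; all addresses, thresholds and the gateway IP are made-up sample values.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a monitor on the segment would see it."""
    ts: float           # seconds since the capture started
    sender_ip: str      # IP address the reply claims to own
    sender_mac: str     # hardware address claimed for that IP
    gratuitous: bool    # True when nobody asked (unsolicited reply)


class ArpMonitor:
    """Learns the IP -> MAC binding of each host and alerts when it changes.

    Rules, from the defender's side of the ARP poisoning described above:
      binding_change    a known IP suddenly answers from a different MAC
      mac_claims_many   one MAC claims several IPs, the gateway among them
      gratuitous_burst  repeated unsolicited replies for one IP in a short window
    """

    def __init__(self, gateway_ip, burst_window=5.0, burst_count=3):
        self.gateway_ip = gateway_ip
        self.burst_window = burst_window
        self.burst_count = burst_count
        self.bindings = {}                      # ip -> mac currently believed
        self.ips_per_mac = defaultdict(set)     # mac -> ips it has claimed
        self.gratuitous_ts = defaultdict(list)  # ip -> recent gratuitous timestamps
        self.alerts = []
        self._seen = set()                      # suppress duplicate alerts

    def _alert(self, *alert):
        if alert not in self._seen:
            self._seen.add(alert)
            self.alerts.append(alert)

    def observe(self, r):
        previous = self.bindings.get(r.sender_ip)
        if previous is not None and previous != r.sender_mac:
            self._alert("binding_change", r.sender_ip, previous, r.sender_mac)
        self.bindings[r.sender_ip] = r.sender_mac

        claimed = self.ips_per_mac[r.sender_mac]
        claimed.add(r.sender_ip)
        if len(claimed) > 1 and self.gateway_ip in claimed:
            self._alert("mac_claims_many", r.sender_mac, tuple(sorted(claimed)))

        if r.gratuitous:
            recent = [t for t in self.gratuitous_ts[r.sender_ip]
                      if r.ts - t <= self.burst_window]
            recent.append(r.ts)
            self.gratuitous_ts[r.sender_ip] = recent
            if len(recent) >= self.burst_count:
                self._alert("gratuitous_burst", r.sender_ip, r.sender_mac)


# Constructed sample capture: gateway and a host behave normally, then a third
# MAC starts announcing itself as both of them (the poisoning pattern).
GATEWAY, HOST, ATTACKER = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:10", "bb:bb:bb:bb:bb:bb"
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.0.2.1", GATEWAY, False),
    ArpReply(0.5, "192.0.2.10", HOST, False),
    ArpReply(10.0, "192.0.2.1", ATTACKER, True),
    ArpReply(10.2, "192.0.2.10", ATTACKER, True),
    ArpReply(11.0, "192.0.2.1", ATTACKER, True),
    ArpReply(12.0, "192.0.2.1", ATTACKER, True),
    ArpReply(12.5, "192.0.2.1", GATEWAY, False),   # real gateway answers: binding flaps back
]


def run_monitor(replies=SAMPLE_REPLIES, gateway_ip="192.0.2.1"):
    """Feed the replies through the monitor and return the alerts in order."""
    mon = ArpMonitor(gateway_ip)
    for r in replies:
        mon.observe(r)
    return mon.alerts


if __name__ == "__main__":
    for alert in run_monitor():
        print(alert)
```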
• Pretty Good Privacy (PGP): In 1991, Phil Zimmerman initially developed PGP as a free e-mail security application, which also made it possible to encrypt files and folders. PGP works by using a public-private key system that uses the International Data Encryption Algorithm (IDEA) to encrypt files and e-mail messages.
• Secure Multipurpose Internet Mail Extensions (S/MIME): S/MIME secures e-mail by using X.509 certificates for authentication. The Public Key Cryptographic Standard is used to provide encryption, and can work in one of two modes: signed and enveloped. Signing provides integrity and authentication. Enveloped provides confidentiality, authentication, and integrity.
• Privacy Enhanced Mail (PEM): PEM is an older e-mail security standard that provides encryption, authentication, and X.509 certificate-based key management.
• Secure Shell (SSH): SSH is a secure application layer program with different security capabilities than FTP and Telnet. Like the two aforementioned programs, SSH allows users to remotely log into computers and access and move files. The design of SSH means that no clear text usernames/passwords can be sent across the wire. All of the information flowing between the client and the server is encrypted, which means network security is greatly enhanced. Packets can still be sniffed, but the information within the packets is encrypted.
• Secure Electronic Transmission (SET): SET is a protocol standard that was developed by MasterCard, VISA, and others to allow users to make secure transactions over the Internet. It features digital certificates and digital signatures, and uses Secure Sockets Layer (SSL).
• Terminal Access Controller Access Control System (TACACS): Available in several variations, including TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS is a centralized access control system that provides authentication, authorization, and auditing (AAA) functions.
• Kerberos: Kerberos is a network authentication protocol created by the Massachusetts Institute of Technology (MIT) that uses secret-key cryptography and facilitates single sign-on. Kerberos has three parts: a client, a server, and a trusted third party to mediate between them.
• SSL: Netscape Communications Corp. initially developed SSL to provide security and privacy between clients and servers over the Internet. It's application-independent and can be used with HTTP, FTP, and Telnet. SSL uses Rivest, Shamir, & Adleman (RSA) public key cryptography and is capable of client authentication, server authentication, and encrypted SSL connections.
• Transport Layer Security (TLS): TLS is similar to SSL in that it is application independent. It consists of two sub-layers: the TLS record
protocol and the TLS handshake protocol.
• Windows Sockets (SOCKS): SOCKS is a security protocol developed and established by Internet standard RFC 1928. It allows client-server applications to work behind a firewall and utilize their security features.
• IPSec: IPSec is the most widely used standard for protecting IP datagrams. Since IPSec can be applied below the application layer, it can be used by any or all applications and is transparent to end users. It can be used in channel mode or transport mode.
• Point-to-Point Tunneling Protocol (PPTP): Developed by a group of vendors including Microsoft, 3Com, and Ascend, PPTP is comprised of two components: the transport that maintains the virtual connection and the encryption that ensures confidentiality. PPTP is widely used for virtual private networks (VPNs).
• Challenge Handshake Authentication Protocol (CHAP): CHAP is an improvement over previous authentication protocols such as Password Authentication Protocol (PAP), where passwords are sent in clear text. CHAP uses a predefined secret and a pseudo-random value that is used only once. This facilitates security because the value is not reused and the hash cannot be reverse-engineered.
• Wired Equivalent Privacy (WEP): While not perfect, WEP attempts to add some measure of security to wireless networking. It is based on the RC4 symmetric encryption standard and uses either 64-bit or 128-bit keys. A 24-bit Initialization Vector (IV) is used to provide randomness; therefore, the "real key" may be no more than 40 bits long. There have been many proven attacks based on the weaknesses of WEP.
• Wi-Fi Protected Access (WPA): WPA was developed as a replacement for WEP. It delivers a more robust level of security. WPA uses Temporal Key Integrity Protocol (TKIP), which scrambles the keys using a hashing algorithm and adds an integrity-checking feature that verifies that the keys haven't been tampered with. Next, WPA improves on WEP by increasing the IV from 24 bits to 48 bits. WPA also prevents rollover (i.e., key reuse is less likely to occur). Finally, WPA uses a different secret key for each packet.
• Packet Filters: Packet filtering is configured through access control lists (ACLs). ACLs allow rule sets to be built that will allow or block traffic based on header information. As traffic passes through the router, each packet is compared to the rule set and a decision is made whether the packet will be permitted or denied.
• Network Address Translation (NAT): NAT can be used to translate between private and public addresses. Private IP addresses are those considered non-routable (i.e., public Internet routers will not route traffic to or from addresses in these ranges).
• Fiber Cable: The type of transmission media used can make a difference in security. Fiber is much more secure than wired alternatives
and unsecured wireless transmission methods.
• Secure Coding: It is more cost-effective to build secure code up front than to try and go back and fix it later. Just making the change from C to a language such as .NET or CSharp can have a big security impact. The drive for profits, and the additional time that QA for security would introduce, causes many companies not to invest in secure code.

4-Defending the Physical Layer:
There is no security protocol that will defend the physical layer, but several natural methods are utilized to perform our job.

The security controls on the physical layer have three primary goals:
• Deter (Discourage): Two methods used to deter intruders are security lighting and "Beware of Dog" signs.
• Delay: Some of the techniques used to delay an intruder include fences, gates, locks, access controls, and mantraps.
• Detect: Two systems used to detect intruders are intrusion detection systems (IDSes) and alarms.

Physical security focuses on intruders and thieves. Some of the main security concerns are as follows:

Identification and Authentication:
Identification is the process of identifying yourself, and is commonly performed by entering a username. Authentication is the process of proving your identity. Various authentication schemes have been developed over the years and can be divided into three broad categories:
• Something You Know: Passwords
• Something You Have: Tokens, smart cards, and certificates
• Something You Are: Biometrics

5-Defending the Data-Link Layer:
Protocols defined at this layer provide security.

Ethernet LAN Security:
The Ethernet LAN has many security weaknesses when facing attacks externally and internally. Security measures must be taken to ensure a secured environment for communications over the Ethernet LAN. The following are some key risks in an Ethernet LAN:
• The primary weakness with Ethernet is that it is a broadcast system. Every message sent out by any computer on an Ethernet LAN segment reaches all parts of that segment and potentially could be read by any computer on the segment. Sniffing-type programs can record, read and analyze all the messages on a segment. Actually, others can read your password and subsequently log in to any account. They can also change the information and forge totally different messages.
• Peer-to-Peer networking systems (both Windows and Macintosh
AppleTalk) for Workgroups allow people on the network to share files and printers, which opens up your files to anyone using another computer in the group.
• Some applications, such as an FTP program which allows you to get files from and send files to another computer, may have an option in their configuration which allows other computers to get into your computer and have access to your files while the program is running.
• It is relatively easy in an Ethernet LAN to fake an e-mail message and other messages which purport to come from someone else. It is also possible to fake a login session by recording a legitimate one and running the recording later on.

There are many hardware and software solutions to address the above Ethernet LAN security issues:

Hardware Solutions for Ethernet LAN Security
• Use a switched network: A switch can segregate a network into many parts, which can effectively prevent snooping and sniffing on a network. These switches also reduce network traffic by limiting messages to only the parts of the network on which they are needed, to improve the efficiency of the whole network.
• Bridges and Routers: Bridges and routers are electronic filters which only pass a network message through themselves if the destination lies on the other side of the filter. Consequently, if "the snooper" is on one side of a bridge or router, they will not see any traffic passing between computers on the other side of the filter.
• LAN Security Architecture (LSA): a proprietary technique where twisted pair hubs inspect incoming messages and will only transmit them unscrambled to the destination computer. All other computers on the hub receive scrambled messages.

Software Solutions for Ethernet LAN Security
• Encryption: Encrypting the data passing between your computer and its destination. There are many encryption technologies and products available which effectively protect information and data privacy. A popular encryption method is PGP (Pretty Good Privacy).
• Authentication: Use a user name and password to authenticate users. It is necessary to encrypt the password and implement timestamps, making forgery extremely difficult.
• Combination technologies: Many new technologies are available which do both authentication and encryption. One such technology is Kerberos, which uses tokens, timestamps, tickets and encryption to make transactions between computers secure.

VLAN: Virtual Local Area Network and IEEE 802.1Q
Virtual LAN (VLAN) refers to a group of logically networked devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user/host management, bandwidth allocation and resource optimization.

There are the following types of Virtual LANs:
1. Port-Based VLAN: each physical switch port is configured with an access list specifying membership in a set of VLANs.
2. MAC-based VLAN: a switch is configured with an access list mapping individual MAC addresses to VLAN membership.
3. ATM VLAN: uses the LAN Emulation (LANE) protocol to map Ethernet packets into ATM cells and deliver them to their destination by converting an Ethernet MAC address into an ATM address.

ARP: Address Resolution Protocol

Types of ARP Attacks:
There are many ways an attacker can gain access to or exploit your system. It is not so important how an attacker gains access to the system. Once the intruder breaks into your system, he can use it as he wishes. The following are some types of attacks that can result from ARP spoofing:
• Man-in-the-Middle (MIM)
• Denial of Service (DoS)
• Session Hijacking
• Sniffing (Passwords, Sensitive information, Information gathering)
• Broadcast Attacks

• Man-in-the-Middle (MIM) Attack: Man-in-the-Middle (MIM) is a very common type of attack, in which an attacker inserts his computer between the communication paths of two target computers by sniffing packets from the network, modifying them and then inserting them back into the network.
• Denial of Service (DoS) Attack: A "Denial of Service (DoS)" attack is a flood of packets that consumes network resources and causes deadlock.
• Session Hijacking: Session Hijacking is a process by which an attacker sees/listens to an active TCP connection between two other hosts and then inserts fake packets (in one or both directions) and takes control of the connection. This method is similar to the MIM attack.
• Sniffing (Passwords, Sensitive Information and Information Gathering): Sniffing is a process of monitoring all information or reading the packets that are being transmitted on a network. An attacker can sniff network traffic and can also passively intercept network traffic. Then, through packet analysis, he might be able to determine login IDs and passwords and collect other sensitive data. There are many tools available for sniffing, like Hunt, Sniffit, Ettercap, Snort and Dsniff.

They work as follows:
a) Ethernet was built around a "shared" principle: all machines on a local network share the same wire.
b) This implies that all machines are able to "see" all the traffic on the same wire.
c) Thus, Ethernet hardware is built with a "filter" that ignores all traffic that doesn't belong to it. It does this by ignoring all frames whose MAC address doesn't match.
• Broadcast Attacks: This technique is used to send a large amount of ICMP echo request (Ping) traffic to all known IP broadcast addresses with the spoofed source address of the victim.

Strategy to overcome the constraints:
• Network Analyzer Tools and Sniffers: These allow you to inspect network traffic at every level of the network stack in various degrees of detail.
• Encryption: Encryption is an effective way to defend against sniffing and ARP spoofing. Encryption prevents any non-authorized party from reading or changing data.
• Intrusion Detection Systems (IDS): IDSs identify attackers' attempts to attack or break into the network and misuse it. IDSs may monitor packets passing over the network, monitor system files, monitor log files, or set up deception systems that attempt to trap hackers. Port scans and Denial-of-Service attacks are an ongoing threat.

6-Defending the Network Layer:
Every layer of communication has its own unique security challenges. The Network Layer is especially weak for many Denial of Service attacks and information privacy problems. The most popular protocol used in the network layer is IP (Internet Protocol). The following are the key security risks at the Network Layer associated with IP:
• IP Spoofing: The intruder sends messages to a host with an IP address (not its own IP address) indicating that the message is coming from a trusted host, to gain unauthorized access to the host or other hosts. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
• Routing (RIP) attacks: Routing Information Protocol (RIP) is used to distribute routing information within networks, such as shortest paths, and to advertise routes out from the local network. RIP has no built-in authentication, and the information provided in a RIP packet is often used without verifying it.
• ICMP Attacks: ICMP is used by the IP layer to send one-way informational messages to a host. There is no authentication in ICMP, which leads to attacks using ICMP that can result in a denial of service, or allow the attacker to intercept packets. Denial of service attacks primarily use either the ICMP "Time exceeded" or "Destination unreachable" message. Both of these ICMP messages can cause a host to immediately drop a connection.
• PING Flood (ICMP Flood): PING is one of the most common uses of ICMP; it sends an ICMP "Echo Request" to a host, and waits for that host to send back an ICMP "Echo Reply" message. The attacker
simply sends a huge number of "ICMP Echo Requests" to the victim to cause its system to crash or slow down. This is an easy attack because many ping utilities support this operation, and the hacker doesn't need much knowledge.
• Packet Sniffing: Because most network applications distribute network packets in clear text, a packet sniffer can provide its user with meaningful and often sensitive information, such as user account names and passwords. A packet sniffer can provide an attacker with information that is queried from the database, as well as the user account names and passwords used to access the database. This causes serious information privacy problems as well as providing tools for crimes.

IPSec:
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPSec provides security services at the network layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPSec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. The set of security services that IPSec can provide includes access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality. Because these services are provided at the IP layer, they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP, etc.

These objectives are met through the use of two traffic security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols. The set of IPSec protocols employed in any context, and the ways in which they are employed, will be determined by the security and system requirements of users, applications, and/or sites/organizations.

Protocol Structure:
7-Defending the Transport Layer:
The transport layer is especially weak for the Denial of Service (DoS) attack or Distributed Denial of Service (DDoS) attack. The two most popular protocols used in the transport layer are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The following are the key security risks at the Transport Layer associated with TCP and UDP:
• TCP "SYN" attack, also known as SYN Flooding: It takes advantage of a flaw in how most hosts implement the TCP three-way handshake. When Host B receives the SYN request from A, it must keep track of the partially opened connection in a "listen queue" for at least 75 seconds. Many implementations can only keep track of a very limited number of connections. A malicious host can exploit the small size of the listen queue by sending multiple SYN requests to a host, but never replying to the SYN&ACK the other host sends back. By doing so, the other host's listen queue is quickly filled up, and it will stop accepting new connections until a partially opened connection in the queue is completed or times out. This ability to remove a host from the network for at least 75 seconds can be used as a denial-of-service attack, or it can be used as a tool to implement other attacks, like IP Spoofing.
• SSL Man-in-the-Middle Attacks: SSL/TLS was supposed to mitigate that risk for web transactions by providing endpoint authentication and encryption. One faulty SSL client implementation, Microsoft Internet Explorer, allows for transparent SSL attacks; SSL would otherwise warn the user about problems with the server certificate.
• TCP Connection Hijacking, also known as a Man-in-the-Middle attack: With this attack, an attacker can allow normal authentication to proceed between the two hosts, and then seize control of the connection. There are two possible ways to do this: one is during the TCP three-way handshake, and the other is in the middle of an established connection.
• UDP Flood Attack: UDP is a connectionless protocol and it does not require any connection setup procedure to transfer data. A UDP Flood Attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it will determine what application is waiting on the destination port. When it realizes that there is no application waiting on the port, it will generate an ICMP destination unreachable packet to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down.

The three-way handshake in Transmission Control Protocol is the method used to establish and tear down network connections. This handshaking technique is referred to as the 3-way handshake or as
"SYN-SYN-ACK" (or more accurately SYN, SYN-ACK, ACK). The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network connection before beginning communication.
• Host A sends a TCP SYNchronize packet to Host B
• Host B receives A's SYN
• Host B sends a SYNchronize-ACKnowledgement
• Host A receives B's SYN-ACK
• Host A sends ACKnowledge
• Host B receives ACK. TCP connection is ESTABLISHED.

Transport Layer Security:
Transport Layer Security provides a way for you to create a secure network connection between a client and a server by encrypting the connection between both entities. Transport Layer Security is similar to Secure Sockets Layer because both protocols provide security for applications such as e-mail, Instant Messaging, Web browsing, and VoIP (Voice over Internet Protocol). Transport Layer Security is used within organizations that use payment processes, store sensitive data such as medical information, or collect confidential information from the users on the network, and can also be used by other businesses that want to secure network connections between the client and the server. Transport Layer Security involves the use of an encryption system which utilizes a digital certificate which is formulated to identify the network owner, as well as to create public keys that are used to encrypt communications over the network. The certificate is installed on the portion of the server that requires encryption. When the client logs onto the network, a message is sent to the server that identifies the client. The server will then return a message and list the cryptographic methods that are to be used for communication, to ensure the client and the server are communicating in the same language.

• Different Types of Transport Layer Security
There are several different types of Transport Layer Security depending upon the encryption requirements of the organization.
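To make the SYN flooding mechanics above concrete, here is an added example, not from the original paper, that models a listener with a bounded listen queue and the 75-second half-open timeout stated above, and then the stateless SYN-cookie variant defenders use (a mitigation the paper does not cover) so that a flood of unanswered SYNs cannot fill the queue. The backlog size, secret, slot length and addresses are constructed.

```python
import hashlib
import hmac

HALF_OPEN_TIMEOUT = 75.0        # seconds a half-open entry lives, as stated in the text


class PlainListener:
    """Classic listener: every SYN costs one slot in a bounded half-open (listen) queue."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}         # (client_ip, client_port) -> time the SYN arrived
        self.established = set()

    def _expire(self, now):
        self.half_open = {c: t for c, t in self.half_open.items()
                          if now - t < HALF_OPEN_TIMEOUT}

    def on_syn(self, client, now):
        """Return the server ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return None             # queue full: new SYNs are silently dropped
        self.half_open[client] = now
        return 1000                 # a fixed ISN is enough for this model

    def on_ack(self, client, ack_num, now):
        self._expire(now)
        if client in self.half_open and ack_num == 1000 + 1:
            del self.half_open[client]
            self.established.add(client)
            return True
        return False


class SynCookieListener:
    """Keeps no state per SYN: the ISN is a MAC over the client tuple and a time slot,
    so only a client that actually received the SYN-ACK can send the matching ACK."""
    SLOT = 64.0                     # seconds a cookie stays valid

    def __init__(self, secret):
        self.secret = secret        # constructed secret; real stacks rotate it
        self.established = set()

    def _cookie(self, client, slot):
        msg = f"{client[0]}:{client[1]}:{slot}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")    # 32-bit ISN

    def on_syn(self, client, now):
        return self._cookie(client, int(now // self.SLOT))

    def on_ack(self, client, ack_num, now):
        slot = int(now // self.SLOT)
        for s in (slot, slot - 1):  # accept the current and the previous slot
            if ack_num == self._cookie(client, s) + 1:
                self.established.add(client)
                return True
        return False


def simulate(listener, flood_size=20, legit_time=5.0):
    """Constructed scenario: forged sources send SYNs and never answer the SYN-ACK,
    then a legitimate client tries to complete a handshake; True if it succeeds."""
    for i in range(flood_size):
        listener.on_syn(("198.51.100.%d" % (i + 1), 40000 + i), i * 0.01)
    legit = ("203.0.113.10", 51515)
    isn = listener.on_syn(legit, legit_time)
    if isn is None:
        return False                # SYN dropped: the listen queue is still full
    return listener.on_ack(legit, isn + 1, legit_time + 0.05)


if __name__ == "__main__":
    print("plain, backlog 8, client at t=5s:  ", simulate(PlainListener(8)))
    print("plain, backlog 8, client at t=80s: ", simulate(PlainListener(8), legit_time=80.0))
    print("SYN cookies, client at t=5s:       ", simulate(SynCookieListener(b"constructed-secret")))
```

With the plain listener the legitimate client only gets through once the flood entries have aged out past the 75-second timeout; with cookies it gets through immediately because the flood consumed no queue slots.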
• Web Server Transport Layer Security: This type of encryption protects the data when the client connects to the Internet to send data through a Web browser or website. The TLS encryption provides a secure Web server and prevents the data from being intercepted by an unauthorized user.
• Email Server Transport Layer Security: To secure communications between the e-mail client and the server, a digital certificate is installed on the e-mail server to provide encrypted communications when sending and receiving confidential information via e-mail.
• Virtual Private Network Security: Transport Layer Security works to secure a virtual private network appliance by installing a digital certificate on the VPN appliance that provides an encrypted connection between the remote user and the network that they are accessing.
• Database and Directory Security: Organizations deploy Transport Layer Security to encrypt server queries for databases and directories that contain sensitive data and information.

8-Defending the Session Layer:
Protocols that assist it are discussed.

NetBIOS:
NetBIOS is a protocol that Microsoft Windows systems use to share resources. For example, if a PC running Windows wants to connect to and access a share on a file server, it probably uses NetBIOS. SMB, the method used to access file and printer shares, can also run independently of NetBIOS over TCP ports 139 and 445. Both of these approaches, however, tend to increase the attack surface of a network.

The ports that we'd have to open to the Internet are UDP/137, UDP/138, and TCP/139. Unfortunately, NetBIOS and these ports are the most popular attacker target. Once an attacker discovers an active port 139 on a device, he can run NBSTAT to begin the very important first step of an attack, footprinting. With the NBSTAT command, he can obtain some or all of the following information:
• Computer name
• Contents of the remote name cache, including IP addresses
• A list of local NetBIOS names
• A list of names resolved by broadcast or via WINS
• Contents of the session table with the destination IP addresses

Defending against external NetBIOS connections
• Disabling the system's ability to support null sessions
• Defining very strong passwords for the local administrator accounts
• Defining very strong passwords for shares, assuming you absolutely have to have shares on exposed systems

9-Defending the Presentation Layer:

S/MIME security:
S/MIME support is one of Outlook's unheralded important features. It gives you end-to-end protection:
• S/MIME is tailored for end-to-end security. Encryption will not only encrypt your messages, but also malware. Thus, if your mail is scanned for malware anywhere but at the end points, such as your company's gateway, encryption will defeat the detector and successfully deliver the malware.

Solutions:
o Perform malware scanning on end user stations after decryption.
o Use message content scanners specifically designed to check the content of encrypted.

10-Defending the Application Layer:

1. SMTP: Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is a protocol designed to transfer electronic mail reliably and efficiently. SMTP is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification regarding incoming mail.

SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel. An important feature of SMTP is its capability to transport mail across networks, usually referred to as "SMTP mail relaying". Using SMTP, a process can transfer mail to another process on the same network or to some other network via a relay or gateway process accessible to both networks.

In this way, a mail message may pass through a number of intermediate relay or gateway hosts on its path from sender to ultimate recipient. The Mail eXchanger mechanisms of the domain name system are used to identify the appropriate next-hop destination for a message being transported.
Security:
One of the ways to restrict access to an outgoing mail server is to verify that the computer is on the ISP's local network. When you dial your modem and connect to your ISP, your computer is given an IP address that identifies you as being a part of that ISP's network. If you have two ISPs and dial up to one and then connect to the other's mail server, it may prevent you from relaying mail because your computer is not identified as being on the local network for the provider whose mail server you are sending through. In this case, you should try to use the SMTP server of the provider you have used to dial up and connect to the Internet.

2. SNMP: Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes (servers, workstations, routers, switches, hubs, etc.) on an IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP.

An SNMP managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. An NMS executes applications that monitor and control managed devices.
• SNMP v1: Basic Operations and Features
• SNMP v2: Additional Operations
• SNMP v3: Security Enhancement

Why Security is Important in SNMP:
The need for security in SNMP is obvious because the MIB objects being communicated contain critical information about network devices. We don't want just anyone "snooping" into our network to find out our IP addresses, or how long our machines have been running, or whether our links are down, or pretty much anything else.

3. DHCP

DHCP spoofing
DHCP spoofing is a type of attack on a DHCP server to obtain IP addresses using spoofed DHCP messages. In the cases where the DHCP server is on a remote network, and an IP address is required to access the
network, but since the DHCP server supplies the IP address, the requester is at an impasse. To supply access to the network, when the Pipeline receives a DHCP Discover packet (a request for an IP address from a PC on the network), it responds with a DHCP Offer packet containing the configured (spoofed) IP address and a renewal time, which is set to a few seconds. The requester then has access to the DHCP server and gets a real IP address. (Other variations exist in environments where the APP server utility is running.)

DHCP Starvation

A DHCP starvation attack works by broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with attack tools such as gobbler. If enough requests are sent, the network attacker can exhaust the address space available to the DHCP servers for a period of time. This is a simple resource starvation attack, just as a SYN flood is a starvation attack. The network attacker can then set up a rogue DHCP server on his or her system and respond to new DHCP requests from clients on the network. Exhausting all of the DHCP addresses is not required to introduce a rogue DHCP server, though.

DHCP Starvation Attack

Once the address space is exhausted, a legitimate user is denied an address when requesting a DHCP IP address and thus is not able to access the network. DHCP starvation may be purely a denial of service (DoS) mechanism or may be used in conjunction with a malicious rogue server attack to redirect traffic to a malicious computer ready to intercept traffic.

When the normal DHCP server is down, the network attacker can then set up a rogue DHCP server on his or her system and respond to new DHCP requests from clients on the network. An intruder may issue an address with DNS server information or default gateway information that redirects traffic to a computer under the control of the intruder.

DHCP Starvation Attack Mitigation

Limiting the number of MAC addresses on a switch port reduces the risk of a DHCP starvation attack. When more systems implement RFC 3118, Authentication for DHCP Messages, DHCP starvation attacks will become more difficult.

Adding Security to DHCP

Since DHCP runs over UDP and IP, one could use IPsec at layer three to provide authentication.

4. FTP: File Transfer Protocol

File Transfer Protocol (FTP) enables file sharing between hosts. FTP uses TCP to create a virtual connection for control information and then creates a separate TCP connection for data transfers. The control connection uses an image of the
TELNET protocol to exchange commands and messages between hosts.

The key functions of FTP are:
1) To promote sharing of files (computer programs and/or data),
2) To encourage indirect or implicit (via programs) use of remote computers,
3) To shield a user from variations in file storage systems among hosts, and
4) To transfer data reliably and efficiently.

FTP, though usable directly by a user at a terminal, is designed mainly for use by programs.

FTP has little security protection when performing file transfer: both the user password and the data are exposed to the public. To make file transfer more secure, some enhancements have been made to FTP, including SFTP, SSH protected FTP and BBFTP.

• Because the data that is transferred is encrypted, this method should only be used to transfer small (1-10KB) files containing sensitive data. Large files that do not contain sensitive information should be transferred via a method that does not encrypt data.
• SSH protected FTP: This transfer method encrypts the password information but does NOT encrypt the data being transferred. As a result, it should only be used to transfer large (and small) files that do NOT contain sensitive information. Files that contain sensitive information should be transferred with SFTP.

S-FTP, or Secure FTP, S/FTP

Secure FTP (S-FTP or S/FTP) is the enhanced version of the File Transfer Protocol (FTP) with security features. Mainly, S-FTP adds encryption to the FTP contents, which are sent in clear text in the original FTP version. S-FTP is available on almost all operating systems including Windows, UNIX, and Macintosh.

5. Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server.

S-HTTP: Secure Hypertext Transfer Protocol

Secure HTTP (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications. Secure HTTP provides a variety of security mechanisms to HTTP clients and servers, providing the security service options appropriate to the wide range of potential end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric
capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP.
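The per-port MAC limit from the DHCP Starvation Attack Mitigation section earlier, as an added example that is not part of the original paper: detection logic run over a constructed record of DHCPDISCOVER ingress events, flagging any switch port whose distinct source MAC addresses within a time window exceed the allowed count. Port names, timestamps and MAC addresses are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Discover:
    ts: float   # seconds since capture start
    port: str   # ingress switch port the DHCPDISCOVER arrived on
    mac: str    # Ethernet source MAC of the frame


# Constructed sample traffic: one printer renewing on Gi0/1 and a burst of
# 40 DHCPDISCOVERs with distinct spoofed MACs on Gi0/7 (a starvation pattern).
SAMPLE = [
    Discover(0.0, "Gi0/1", "00:11:22:33:44:55"),
    Discover(1.5, "Gi0/1", "00:11:22:33:44:55"),
] + [
    Discover(2.0 + i * 0.01, "Gi0/7", f"02:00:00:00:{i // 256:02x}:{i % 256:02x}")
    for i in range(40)
]


def starvation_ports(events, max_macs=3, window=10.0):
    """Return {port: peak distinct MAC count} for every port that exceeds
    `max_macs` distinct source MACs inside any `window`-second span.
    This mirrors the port-security style limit described in the text;
    a legitimate access port rarely shows more than a handful of MACs."""
    history = defaultdict(list)   # port -> [(ts, mac)] within the window
    flagged = {}
    for ev in sorted(events, key=lambda e: e.ts):
        hist = history[ev.port]
        hist.append((ev.ts, ev.mac))
        # age out entries that fell outside the sliding window
        while hist and hist[0][0] < ev.ts - window:
            hist.pop(0)
        distinct = {mac for _, mac in hist}
        if len(distinct) > max_macs:
            flagged[ev.port] = max(flagged.get(ev.port, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for port, count in starvation_ports(SAMPLE).items():
        print(f"{port}: {count} distinct MACs in window, possible DHCP starvation")
```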