CISSP Week 5

  1. CISSP: Network Security. Week 5; Pages 266-315
  2. Part 1: OSI & TCP/IP
  3. OSI and TCP/IP
  4. OSI and TCP/IP: Open System Interconnect Model
     ● Defined in 1984. Last revision in 1994.
     ● International Standard (ISO/IEC 7498-1)
     ● Theoretical way to describe network structure
     ● Divided into 7 layers
       ○ Certain layers require further subdivisions
  5. OSI and TCP/IP: The OSI Layers
     1. Physical
        a. CAT5 and fiber optic cables
        b. Electrical signals
        c. Topologies (Star, Bus, Ring)
     2. Data-link
        a. Logical Link Control (Error and flow control)
        b. Media Access Control (Hardware addressing)
        c. Switches
     3. Network
        a. Internet Protocol (Addressing, Fragmentation)
        b. Routers
  6. OSI and TCP/IP: The OSI Layers (continued)
     4. Transport
        a. TCP & UDP
        b. Error Detection and Correction
        c. Three-Way Handshake
     5. Session
        a. Logical Persistent Connection
        b. Duplex vs. Simplex
     6. Presentation
        a. Ensures common formats
        b. Complex Architecture
     7. Application
        a. HTTP, FTP, SMTP, DHCP, etc.
        b. Web browser
  7. OSI and TCP/IP: Routing Protocols (under Network Layer)
     ● RIP v1 & 2 (RFCs 1058, 1723)
       ○ Uses distance vector to select the path with the fewest hops; not always fastest; no more than 15 hops
       ○ v2 supports subnet mask and password authentication
     ● OSPF v1 & 2 (RFCs 1131, 1583, 2328)
       ○ Link-state based
       ○ Smaller, more frequent updates to routing tables
       ○ Supports classless IP ranges
  8. OSI and TCP/IP
     ● BGP (RFCs 4271, 1771, 1654, 1105, 1163, 1267)
       ○ For interdomain routing in TCP/IP networks
       ○ Allows the internet to be decentralized
     ● ICMP (RFC 792)
       ○ Used heavily in troubleshooting
       ○ Announces network errors, congestion, and timeouts
       ○ Common utilities using this protocol: Ping, Traceroute
  9. OSI & TCP/IP: TCP Control Bits
     ● URG - Urgent Pointer field significant
     ● ACK - Acknowledgement field significant
     ● PSH - Push Function
     ● RST - Reset the connection
     ● SYN - Synchronize sequence numbers
     ● FIN - No more data from sender
  10. OSI and TCP/IP: Three-Way Handshake
  11. OSI & TCP/IP: Sublayers of Presentation Layer
     ● CASE
       ○ Provides common application services
       ○ ACSE, ROSE, CCR, RTSE
     ● SASE
       ○ Provides specific application services
       ○ FTAM, VT, MOTIS, CMIP, MMS, RDA, DTP
  12. OSI and TCP/IP
  13. Part 2: IP Networking
  14. IP Networking: Network Addressing
     ● In 8.24.28.159
       ○ 8 is the network (assigned by orgs like ICANN)
       ○ .24.28.159 is unique to the host
     ● .0 and .255 are not used by hosts
     ● Class A: 1.0.0.0 - 127.255.255.254
     ● Class B: 128.0.0.0 - 191.255.255.254
     ● Class C: 192.0.0.0 - 223.255.255.254
     ● Class D: 224. - 239. (for multicast)
     ● Class E: 240. - 255. (Special purpose)
  15. IP Networking: Network Addressing
     ● Special networks: 10.0.0.0, 127.0.0.0, 172.16.0.0-172.31.0.0, 192.168.0.0
     ● Subnets
       ○ Octets represent bits
       ○ All bits with a value of 1 are network bits
       ○ Example: A host in the 172.25.156.0 network with a subnet mask of 255.255.255.224 will have an address between 172.27.165.1 and 172.27.165.30. The next subnet will start at 172.27.165.32.
  16. IP Networking: CIDR/IPv6
     ● IP addresses in high demand since the '90s
     ● CIDR introduced to help remedy
       ○ Classless interdomain (remember BGP?)
     ● IPv6 currently being introduced
       ○ Much longer addresses using hexadecimal
       ○ IPSec implemented
       ○ Increased throughput
       ○ Better QoS (meaning better VoIP)
  17. IP Networking
     ● Connection requires two parts
       ○ IP Address
       ○ Ports
     ● Ports associated with TCP/UDP
     ● IANA manages standard port numbers
       ○ 0-1023: well-known; 1024-49151: registered; 49152-65535: private
  18. IP Networking
  19. IP Networking: DHCP
     ● Allows hosts to get their own IP addresses
     ● Process is similar to three-way handshake
       ○ Workstation sends out DHCPDISCOVER
       ○ Server responds with DHCPOFFER
       ○ Workstation sends DHCPREQUEST to begin lease
       ○ Server responds with DHCPACK
     ● Authentication supported (RFC 3118)
  20. IP Networking: While ICMP is useful, attackers also love it.
     ● Ping of Death
       ○ ICMP echo larger than 65,536 bytes would cause systems to crash; OSs now made to handle it
     ● Redirect attacks
       ○ Man-in-the-Middle by redirecting a host through an attacker's computer
     ● Ping Scanning & Traceroute Exploitation
       ○ Scanning for open ports/mapping network; NMAP
     ● IGMP
       ○ Used to manage multicasting groups
  21. IP Networking
     ● VRRP
       ○ Performs failover for routers
       ○ Acts as a virtual router transparently
     ● RPCs
       ○ Allows a host to execute code not stored on it
       ○ CORBA and DCOM are examples
  22. IP Networking
     Port 53; RFCs 882, 1034, 1035
  23. IP Networking: Directory Services (Again...)
     ● LDAP
       ○ Supports lots of back ends
       ○ Weak authentication; transfers in clear text (CT)
     ● NetBIOS
     ● NIS, NIS+
       ○ Commonly used to manage user credentials
       ○ NIS does not authenticate between requests; NIS+ does
     Port 389; RFC 1777
     Ports 135, 137, 138, 139; RFCs 1001, 1002
  24. IP Networking: File sharing
     ● CIFS/SMB/Samba
       ○ Prevalent on Windows, but also used on Unix-based systems
       ○ Capable of user- and tree-level security
       ○ Credentials sent in CT for backwards compatibility
     ● NFS
       ○ Prevalent on Unix-type systems, but also found on Windows
       ○ v2 & v3 are stateless protocols for performance
       ○ Secure NFS uses DES for authentication and encryption; time stamps for tokens
       ○ v4 uses Kerberos and is stateful
     Port 445
     RFCs 1094, 1813, 3010, 3530
  25. IP Networking
     ● SMTP
       ○ Routes email
       ○ No authentication; identification using email address
       ○ ESMTP improves security; provides authentication
     ● FTP
       ○ Requires two channels: control and data
       ○ Original: username/password auth passed in CT
       ○ TLS: sends AUTH TLS command to encrypt session
       ○ SFTP: encrypts both control and data
       ○ FTP over SSH: tunneling; only encrypts control
       ○ Active and Passive: server could be blocked by firewall
     Port 25
     Ports 20, 21; RFCs 959, 4217
  26. IP Networking
     ● Anonymous FTP
       ○ Replaced with similar HTTP services
       ○ Considered unsafe due to the need to input an email address for access
     ● TFTP
       ○ Simplified FTP similar in purpose to Anonymous
       ○ Used on LANs for system administration tasks
     Ports 69; RFC 1350
  27. IP Networking
     ● HTTP
       ○ Initially "Web enabled" apps caused security issues
       ○ No encryption support; simple authentication
     ● Proxying
       ○ Anonymizing
         ■ Allows obfuscation of connection information
       ○ Open
         ■ Allows unrestricted access to GET commands
         ■ Can be used to launch attacks
       ○ Content Filtering
         ■ Blocks traffic to restricted sites
         ■ Protects against accidental downloading of viruses
     Port 80; RFCs 1945, 2109, 2616
  28. Part 3: Implications of Multi-Layer Protocols
  29. Multi-Layer Protocols: Typically used with industrial systems
     ● SCADA (also called ICS)
       ○ Control Server - hosts software
       ○ RTU - equipped with radios
       ○ HMI - where people control the machines
       ○ PLC - controls machinery components
       ○ IED - sensors that collect data
       ○ IO Server - collects info from RTUs, PLCs, IEDs
       ○ Data Historian - like SIEM
     ● Modbus
       ○ Information sent in clear text
       ○ No authentication to send commands
  30. Questions?
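
The subnet rule on slide 15 (mask bits set to 1 are network bits) and the class and special-network ranges on slides 14 and 15, worked through as an added Python example that is not part of the original deck. The host 172.27.165.10 is a constructed address inside the slide's stated range 172.27.165.1 to 172.27.165.30, and the function names are illustrative.

```python
import ipaddress

# Special networks named on slide 15, written in CIDR form.
SPECIAL = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Classful first-octet ranges from slide 14.
CLASSES = (("A", 1, 127), ("B", 128, 191), ("C", 192, 223),
           ("D", 224, 239), ("E", 240, 255))

def classful_class(address):
    """Return the class letter for the first octet, or None for octet 0."""
    first = int(address.split(".")[0])
    return next((c for c, low, high in CLASSES if low <= first <= high), None)

def subnet_summary(address, mask):
    """Apply the mask bit by bit: 1 bits select the network, 0 bits the host."""
    ip = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # A valid mask is a run of 1 bits followed by a run of 0 bits.
    if host_bits & (host_bits + 1):
        raise ValueError("mask is not a contiguous run of 1 bits: " + mask)
    if host_bits < 3:
        raise ValueError("mask leaves no usable host range: " + mask)
    network = ip & m
    broadcast = network | host_bits
    text = lambda n: str(ipaddress.IPv4Address(n))
    return {
        "prefix_len": bin(m).count("1"),
        "network": text(network),
        "first_host": text(network + 1),
        "last_host": text(broadcast - 1),
        "broadcast": text(broadcast),
        "next_subnet": text(broadcast + 1) if broadcast < 0xFFFFFFFF else None,
        "class": classful_class(address),
        "special": any(ipaddress.IPv4Address(address) in n for n in SPECIAL),
    }

if __name__ == "__main__":
    # Constructed host inside the range the slide gives for mask 255.255.255.224.
    for key, value in subnet_summary("172.27.165.10", "255.255.255.224").items():
        print(key, value)
```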
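
Slides 9 and 10 (TCP control bits and the three-way handshake) as an added Python example, not part of the original deck: it decodes the control bits from a TCP header and checks whether a connection's opening segments form a complete SYN, SYN+ACK, ACK exchange, which is how a monitor tells an established connection from one left half-open. The headers, ports, sequence numbers and state names are constructed for illustration.

```python
import struct

# Control bits from slide 9 and their masks in the TCP header's flags field.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a constructed 20-byte header (data offset 5, checksum left at 0)."""
    bits = sum(FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)

def parse_tcp(header):
    """Decode ports, sequence/acknowledgement numbers and control bits."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    names = {name for name, bit in FLAGS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def handshake_state(headers):
    """Classify the opening segments of one connection: SYN, SYN+ACK, ACK."""
    segs = [parse_tcp(h) for h in headers]
    if not segs or segs[0]["flags"] != {"SYN"}:
        return "no-syn"
    if len(segs) == 1:
        return "syn-only"
    syn, reply = segs[0], segs[1]
    if "RST" in reply["flags"]:
        return "refused"
    # The SYN consumes one sequence number, so the reply must acknowledge seq + 1.
    if reply["flags"] != {"SYN", "ACK"} or reply["ack"] != (syn["seq"] + 1) % 2**32:
        return "invalid"
    if len(segs) == 2:
        return "half-open"
    final = segs[2]
    ok = (final["flags"] == {"ACK"} and final["seq"] == reply["ack"]
          and final["ack"] == (reply["seq"] + 1) % 2**32)
    return "established" if ok else "invalid"

# Constructed sample: client port 40000 opens a connection to server port 80.
SYN = build_tcp(40000, 80, 1000, 0, ["SYN"])
SYN_ACK = build_tcp(80, 40000, 5000, 1001, ["SYN", "ACK"])
ACK = build_tcp(40000, 80, 1001, 5001, ["ACK"])

if __name__ == "__main__":
    print(handshake_state([SYN, SYN_ACK, ACK]))  # full handshake
    print(handshake_state([SYN, SYN_ACK]))       # final ACK never arrived
```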
