TCP/IP Weaknesses and Solutions



  1. 1. <ul><li>TCP/IP PROTOCOL SUITE </li></ul><ul><li>WEAKNESSES </li></ul><ul><li>& </li></ul><ul><li>SOLUTIONS </li></ul><ul><li>Enis Karaaslan </li></ul><ul><li>Ege University </li></ul><ul><li>International Computer Institute </li></ul><ul><li>35100 Bornova-İZMİR </li></ul><ul><li>[email_address] </li></ul>
  2. 2. Presentation Content <ul><li>TCP/IP Protocol Suite </li></ul><ul><li>IP Security Problems </li></ul><ul><ul><li>TCP/IP Weaknesses </li></ul></ul><ul><ul><li>IP Based Attacks </li></ul></ul><ul><li>Case Story - Attack on HTTP </li></ul><ul><li>Protection Methods </li></ul><ul><li>IPv6 </li></ul><ul><li>SECURE IP – IPsec </li></ul><ul><li>Discussion & Conclusion </li></ul>
  3. 3. TCP/IP Protocol Suite <ul><li>TCP/IP is a protocol suite which is used to transfer data through networks. It consists of several protocols. The most important is IP. </li></ul><ul><li>IP: mainly takes care of specifying where to send data. </li></ul><ul><li>The main protocols associated with it are: </li></ul><ul><ul><li>TCP (Transmission Control Protocol) </li></ul></ul><ul><ul><li>UDP (User Datagram Protocol) </li></ul></ul><ul><ul><li>ICMP (Internet Control Message Protocol) </li></ul></ul>
  4. 4. Relevant points about TCP/IP <ul><li>The TCP/IP protocol suite contains all protocols necessary to facilitate data transfer over the Internet </li></ul><ul><li>The TCP/IP protocol suite provides quick, reliable networking without consuming heavy network resources </li></ul><ul><li>TCP/IP is implemented on almost all computing platforms </li></ul>
  5. 5. Addressing in TCP/IP <ul><li>Today millions of computers interact with each other. There is a need to establish: </li></ul><ul><ul><li>A globally accepted method of identifying computers. </li></ul></ul><ul><ul><li>A universal communication service. </li></ul></ul>
  6. 6. Internet Address Classification <ul><li>IP Addresses (version 4) </li></ul><ul><li>Five classes (A,B,C,D,E). Addresses are 32 bits. </li></ul><ul><ul><li>Class A - (0) – ( more than 65,536 (2^16) hosts ) </li></ul></ul><ul><ul><li>Class B - (10) – (between 256 (2^8) and 65,536 (2^16) hosts ) </li></ul></ul><ul><ul><li>Class C - (110) (less than 256 (2^8) hosts) </li></ul></ul><ul><ul><li>Class D - (1110) - Multicast addressing. </li></ul></ul><ul><ul><li>Class E - (11110) - Reserved for future use. </li></ul></ul><ul><li>IPv6 (proposed) uses 128 bits. </li></ul>
  7. 7. Port Numbers <ul><li>TCP/IP communication connects to a specific port number. Some well-known port numbers are: </li></ul><ul><li>21 - FTP (File Transfer Protocol) </li></ul><ul><li>23 - Telnet </li></ul><ul><li>25 - SMTP (Simple Mail Transfer Protocol) </li></ul><ul><li>80 - HTTP (HyperText Transfer Protocol) </li></ul>
  8. 8. IP Security Problems <ul><li>The security problems stem from the facts that: </li></ul><ul><ul><li>IP was designed for use in a hostile environment, but its designers didn’t thoroughly anticipate how hostile the network itself might one day become. </li></ul></ul><ul><ul><li>IP wasn’t designed to provide security </li></ul></ul><ul><ul><li>IP is an evolving protocol </li></ul></ul>
  9. 9. TCP/IP Weaknesses <ul><li>Protection through the use of privileged ports (0-1000) has little value since PCs have become TCP/IP clients. </li></ul><ul><li>No traffic priority (easy to flood the network). </li></ul><ul><li>Traffic can be injected, packets can be stolen or hijacked. </li></ul><ul><li>UDP (datagram based) offers no authentication. </li></ul><ul><li>TCP (connection based) offers weak authentication. </li></ul>
  10. 10. TCP/IP Weaknesses (cont.) <ul><li>No confidentiality (no encryption). </li></ul><ul><li>IP spoofing is easy (weak authentication), machines can lie about IP addresses. Routers can be tricked. Header checksums are not sufficient. </li></ul><ul><li>Checksums are easy to cheat (weak algorithm). </li></ul><ul><li>Three Way Handshake </li></ul><ul><li>However, TCP/IP is reliable, robust and the de-facto standard. </li></ul>
  11. 11. Some IP Based Attacks <ul><li>Network Sniffers (packet sniffing or eavesdropping): </li></ul><ul><li>Attack to Confidentiality </li></ul><ul><li>IP spoofing attacks : Masquerade </li></ul><ul><li>Connection hijacking : Attack to Integrity </li></ul><ul><li>Data Spoofing : Attack to Integrity </li></ul>
  12. 12. Some IP Based Attacks (cont.) <ul><li>To halt computers (disabling their intended use): </li></ul><ul><li>Attack to Availability: Denial of Service </li></ul><ul><ul><li>WinNuke (Nuking) </li></ul></ul><ul><ul><li>TearDrop </li></ul></ul><ul><ul><li>Ssping </li></ul></ul><ul><ul><li>SYN Flooding </li></ul></ul><ul><ul><li>Smurf </li></ul></ul><ul><li>Attacks to Nameservice - DNS </li></ul><ul><ul><li>Client flooding </li></ul></ul><ul><ul><li>Bogus nameserver cache loading </li></ul></ul><ul><ul><li>Rogue DNS servers </li></ul></ul>
  13. 13. Case Study: Attack on HTTP <ul><li>We cannot restrict access if we have an Internet site (WWW). A site (www.companyname.com) on a machine is open to attacks. </li></ul><ul><li>A computer having an IP address connects to our site. </li></ul><ul><li>Question : Is this IP correct? Can it be a masquerade? </li></ul><ul><li>TCP performs a three-way handshake to establish a connection. Meanwhile the connection information must be kept in a buffer. </li></ul><ul><li>Question : What should be the buffer size? How long should the information be kept? </li></ul>
  14. 14. Case Study: SYN Attack (cont.)
  15. 15. Case Study: Solutions <ul><li>Minimize the time the system waits before emptying the connection information from the buffer. </li></ul><ul><li>Increase the buffer capacity. </li></ul><ul><li>Use the SYN cookies method. (This is used in Linux systems.) </li></ul><ul><li>Watch the LAN with security programs. </li></ul>
  16. 16. PROTECTION METHODS <ul><li>Network Security </li></ul><ul><ul><li>Know your weaknesses </li></ul></ul><ul><ul><li>Use encryption techniques </li></ul></ul><ul><ul><li>Protect your network from outside (firewall, router access list, etc.) </li></ul></ul><ul><ul><li>Intrusion Detection, Network Monitoring </li></ul></ul><ul><ul><li>IPv6 ? </li></ul></ul><ul><ul><li>IPsec ? </li></ul></ul>
  17. 17. IPv6 (IPng) <ul><li>IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4"). </li></ul><ul><li>A larger address (128 bit): Most of today's internet uses IPv4, which is now nearly twenty years old. There is a growing shortage of IPv4 addresses. </li></ul><ul><li>It also adds many improvements to IPv4 in areas such as routing and network autoconfiguration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during a transition period. </li></ul><ul><li>Class of Service Improvements </li></ul><ul><li>Supports Encryption </li></ul><ul><li>For detailed IPv6 info http://www.ipv6.org </li></ul>
  18. 18. IPv6 versus IPv4 <ul><li>The major differences : </li></ul><ul><li>Extended and hierarchical address space - 128bits instead of 32bits and the hierarchical nature improve the efficiency of the network. </li></ul><ul><li>Plug and Play auto-configuration - Eases configuration, an enabler for IP in domestic appliances. </li></ul><ul><li>Built in support for IP Security . </li></ul><ul><li>Fixed length and simplified IP header - optimised for hardware implementation ( domestic appliances ) </li></ul><ul><li>Extension Headers - Aids streamlining, simplicity, flexibility and makes the protocol future-proof. </li></ul><ul><li>Improved support of Quality of Services, Multicast and Mobile IP. </li></ul>
  19. 19. IPsec <ul><li>IPsec protocols are designed to provide authentication, integrity and confidentiality services to both the current IP protocol (IPv4) and IPv6. </li></ul><ul><li>Benefits of IPsec </li></ul><ul><ul><li>IPsec is below the transport layer and thus transparent to applications </li></ul></ul><ul><ul><li>IPsec can be transparent to end users </li></ul></ul><ul><ul><li>IPsec can even provide security for individual users if needed. </li></ul></ul><ul><ul><li>IPsec is on its way to becoming an Internet standard </li></ul></ul>
  20. 20. Discussion & Conclusion <ul><li>IP security is a very important concern that must be taken seriously. To provide security in a WAN or LAN: </li></ul><ul><li>Encryption techniques must be standardized. </li></ul><ul><li>Firewalls are a must for corporate networks. </li></ul><ul><li>The number of attacks is increasing day by day. This is because TCP/IP became very popular, and there are a lot of people who are familiar with its strengths and weaknesses. </li></ul>
  21. 21. Discussion & Conclusion (continued) <ul><li>Watch out for new attacks on the Net and take your precautions. </li></ul><ul><li>IPsec will provide authentication, integrity and confidentiality services, but it will take more years for it to be put into use. </li></ul><ul><li>Using network monitoring tools and careful management is essential. </li></ul><ul><li>IPv6 and IPsec will solve many of the problems. </li></ul>
  22. 22. <ul><li>THE END </li></ul><ul><li>Thank you very much for your kind attention </li></ul>
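Slide 10 states that header checksums are not sufficient and are easy to cheat. The following added example (not part of the original slides) implements the RFC 1071 Internet checksum and shows that it cannot tell a reordered payload from the original, while a keyed HMAC can; the payload, key and helper names are constructed for illustration.

```python
import hashlib
import hmac

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Return data with 16-bit words i and j exchanged."""
    words = [data[k:k + 2] for k in range(0, len(data), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)

def keyed_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag: depends on a secret key and on the position of every byte."""
    return hmac.new(key, data, hashlib.sha256).digest()

# Constructed sample record and key, for illustration only.
KEY = b"constructed-demo-key"
ORIGINAL = b"from=0001;to=0002;amt=10"
REORDERED = swap_words(ORIGINAL, 4, 8)       # addition is commutative, so the sum is unchanged

if __name__ == "__main__":
    print(ORIGINAL, hex(internet_checksum(ORIGINAL)))
    print(REORDERED, hex(internet_checksum(REORDERED)))
    print("HMAC tags equal:",
          hmac.compare_digest(keyed_tag(KEY, ORIGINAL), keyed_tag(KEY, REORDERED)))
```

The checksum is an error-detection code for accidental bit flips; integrity against a deliberate change needs a keyed construction such as the one IPsec provides.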
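Slides 13 to 15 ask how large the handshake buffer should be and name SYN cookies as a solution. The following added example (not part of the original slides, and not the Linux implementation) sketches the idea: the server encodes the half-open connection's state into its initial sequence number and stores nothing until a valid final ACK arrives. The cookie layout, secret, MSS table and time-slot length are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"    # assumption: random per-boot key in practice
MSS_TABLE = (536, 1300, 1440, 1460)    # assumption: MSS values the cookie can encode
SLOT_SECONDS = 64                      # assumption: length of one time slot
MAX_AGE_SLOTS = 2                      # accept the current and the previous slot

def _mac24(flow, client_isn, slot, idx):
    """24-bit keyed hash binding the cookie to the flow, time slot and MSS index."""
    src, sport, dst, dport = flow
    msg = struct.pack("!4sH4sHIIB", socket.inet_aton(src), sport,
                      socket.inet_aton(dst), dport, client_isn,
                      slot & 0xFFFFFFFF, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(flow, client_isn, mss, now):
    """Server ISN for the SYN-ACK; nothing is kept in the backlog buffer."""
    slot = int(now) // SLOT_SECONDS
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    # Layout: 5 bits of time slot | 3 bits of MSS index | 24 bits of keyed hash
    return ((slot & 0x1F) << 27) | (idx << 24) | _mac24(flow, client_isn, slot, idx)

def check_cookie(flow, client_isn, ack, now):
    """Validate the final ACK; return the negotiated MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF        # the client acknowledges server ISN + 1
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    slot_now = int(now) // SLOT_SECONDS
    for age in range(MAX_AGE_SLOTS):
        slot = slot_now - age
        if (slot & 0x1F) != cookie >> 27:
            continue                       # cookie was issued in another time slot
        expected = _mac24(flow, client_isn, slot, idx).to_bytes(3, "big")
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]          # state rebuilt from the cookie alone
    return None

FLOW = ("192.0.2.10", 40000, "198.51.100.5", 80)   # constructed sample flow

if __name__ == "__main__":
    isn = 0x1234ABCD                       # constructed client sequence number
    ack = (make_cookie(FLOW, isn, 1460, now=1000) + 1) & 0xFFFFFFFF
    print("valid ACK   ->", check_cookie(FLOW, isn, ack, now=1010))
    print("expired ACK ->", check_cookie(FLOW, isn, ack, now=1200))
```

A SYN from a masquerading address costs the server one keyed hash and no buffer entry, because the sender never sees the SYN-ACK and cannot return a matching ACK.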