SlideShare a Scribd company logo

How Secure is TCP/IP - A review of Network Protocol

S
ssuserc49ec4

TCP/IP Security

Engineering
1 of 24
Download to read offline
Just how secure is the TCP/IP protocol? Andy Leigh Information Security Strategist BBC UK
What I will cover: Packet Networks • So, just what is TCP/IP? • Packets and circuits – a security comparison • How does an IP packet get from there to here? Security Primer • The whole security picture • The principles of good security • How hacks happen TCP/IP Security • General IP security issues • TCP specific security issues • Some Solutions Conclusions
So, just what is TCP/IP? TCP (IP Type = 6) UDP (IP Type = 17) ICMP (IP Type = 1) IP (Ethernet type = 0800) Ethernet Co-ax Fibre Twisted Pair ARP (Ethernet type = 0806) Echo Request (ping) POP3 (Port = 110) DNS (Port = 53) HTTP (Port = 80) L2 L3 L4 WAN link L1 L7 SDH link SNMP (Port = 161) 1 .. 1023, 1024 ..65535 1 .. 1023, 1024 ..65535
Wrapping up packets Web Data HTTP Header TCP Header IP Header Ethernet Header 64 Bytes to 1518 Bytes
Yes No No Global address self-assignable Yes Yes No Route decided by destination address Yes Yes No Public global addresses used IP=Yes, UDP=Yes, TCP=No No No Connectionless "letter" mode IP=N/A, UDP=N/A, TCP=Yes Yes No End "user" does setup/tear-down No No Yes Service Provider does setup/tear-down No No Yes Same route for weeks No Yes Yes Same route during the connection IP=N/A, UDP=N/A, TCP=Yes Yes Yes End-to-end connection tear-down IP=N/A, UDP=N/A, TCP=Yes Yes Yes End-to-end connection setup Packet (TCP/IP) Dialled Permanent Packets and circuits – comparing security features
How does an IP packet get from here to there? User Network card OS & IP stack Application Desktop Computer HW Software Data & destination address & port Network 1 NIC 5 OS & IP stack Router code Router HW Software destination address NIC 2 NIC 6 OS & IP stack Router code Router destination address NIC 8 Network2 Network3 Network card OS & IP stack Application Server Computer HW Software Data Inter-router protocol “End Systems” “Intermediate Systems”
The bigger security picture • Badly specified, designed, installed or operated technologies such as: – Misconfigured Intermediate Systems (routers, firewalls) – Weak network-glue (DNS, authentication systems) – Flawed or unpatched Operating Systems – Bug-ridden or unpatched applications, databases etc. • Badly trained and poorly informed end-users and support personnel • The attackers themselves TCP/IP is not to blame for many computer security issues We also need to consider:
The (simple) principles of good security 1. Never trust a network 2. Authenticate everything and everyone 3. Build systems to survive attacks
Saltzer & Schroeder’s 1975 principles DO NOT SHARE RESOURCES UNLESS YOU HAVE TO 1. Economy of mechanisms • keep design simple 2. Fail-safe defaults • “deny all” unless approved 3. Complete mediation • every access on every object checked for authority 4. Open design • don’t depend on obscurity 5. Separation of privilege • 2 separate keys (or devices) better than one 6. Least privilege • users and software operate with least privilege necessary to get the job done 7. Least common mechanism • minimise mount of kit shared by, or critical to, more than user 8. Psychological acceptability • make the process easy to use so people just accept it
How hacks happen – a refresher • Discovery and fingerprinting • Scanning for vulnerabilities • Analysing and looking for weaknesses • Gaining low-level access • Escalating to high-level access • Inserting a back-door • Cleaning up and exiting Some attacks exploit weak passwords (many don’t) It’s all over in minutes
General IP/UDP security issues • UDP is “stateless” and is easy to forge – But it’s needed for one-way streams and multicast • Checksums are not a security technology – Anyone can change the packet details or fake a packet and easily get the CRC correct – Each router has to change the IP checksum anyway to deal with hop- counts (TTL) • IP source addresses are not guaranteed to be correct – Anyone can send a packet with fake source address – IP addresses are therefore NOT a form of authentication • IP breaks packets into fragments if they are too big for the link – Higher-level headers carried only in the first fragment (second fragment may be something completely different) – Only end-stations are allowed to re-assemble
IP fragmentation UDP data UDP header UDP data UDP header IP header UDP data IP header
TCP specific security issues – TCP states • TCP states – Denial Of Service weaknesses – An established TCP connection is open “forever” unless keep- alive timers (optional) are invoked – SYN attacks – each incoming “SYN” packet hold a listen-queue connection open for 75 seconds – Double-ended synchronisation is possible NB these are all “flaws” in the original specification – most real-world Operating Systems have fixed the problems
The TCP finite-state-machine CLOSED LISTEN SYN_RCVD SYN_SENT ESTABLISHED CLOSING CLOSE_WAIT LAST_ACK FIN_WAIT_1 FIN_WAIT_2 TIME_WAIT Active Close Passive Close CLOSED Start Return to beginning Client States Server States
TCP specific security issues • Poor randomisation in the Initial Sequence Number – TCP’s handshake invokes a “random” Sequence Number which should be hard to guess – In practice many implementations have been very predictable – TCP-connection spoofing is therefore possible – Connection hijacking – RST Denial Of Service – FIN Denial Of Service
Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski Cisco’s IOS 12.2.10a
Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski OpenVMS V7.2
Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski MacOS X
Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski Win XP
Other “TCP/IP” security issues • Name-spoofing • Attacks against routing algorithms • ICMP “Redirect” DOS attack • ICMP “Destination Unreachable” DOS attack • SNMP • ARP spoofing
Solutions to TCP/IP’s problems • Re–write TCP/IP • Move to IPv6 – IPv6 Authentication Header – IPv6 ESP and Encryption Header • Use IPSec to secure point-to-point connections – Looks remarkably similar to IPv6 security solutions (AH, ESP) • “Harden” any common equipment & use application-level protection (e.g. SSL) – And follow good security operational practices • Build layered security using choke-points (e.g. using firewalls) …
Solutions to TCP/IP’s problems – Firewalls Positives • Stateful filtering firewalls – Watch the “state” of any connections to ensure they are valid – Can prevent most network attacks • Proxy firewalls – Don’t pass through packets (if well-built, are impervious to network attacks) – They communicate application-to-application Negatives • Firewalls cannot stop application-level attacks • They affect performance • Secure rules sometimes impossible in real-world • They don’t prevent snooping
Conclusions • Packet networks are inherently less secure than switched- circuit networks • There’s a great deal more to security than secure networking • The basic principles of good security: – Never trust a network – Always authenticate every transaction – Build systems to survive • IP and associated protocols have a number of security flaws • TCP has a number of inherent security flaws (which have been mitigated by most real-world implementations) • Firewalls, hardening, IPv6 and encryption can help Good security is essential, but can affect performance Broadcasters must agree amongst themselves good security standards
Thanks for Listening Any Questions?

Recommended

26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptsumita02
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptjepoy808
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptanakorang28
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYVinil Patel
 
26 security2
26 security226 security2
26 security2congiodiqua
 
Network security
Network securityNetwork security
Network securitysyed mehdi raza
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
Security attacks
Security attacksSecurity attacks
Security attacksTejaswi Potluri
 

Recommended

26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptsumita02
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptjepoy808
 
26-security2.ppt
26-security2.ppt26-security2.ppt
26-security2.pptanakorang28
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITYVinil Patel
 
26 security2
26 security226 security2
26 security2congiodiqua
 
Network security
Network securityNetwork security
Network securitysyed mehdi raza
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
Security attacks
Security attacksSecurity attacks
Security attacksTejaswi Potluri
 
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slidesUs 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slidesOlli-Pekka Niemi
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutionseroglu
 
WIFI MODEM Part-22
WIFI MODEM Part-22WIFI MODEM Part-22
WIFI MODEM Part-22Techvilla
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04Ayano Midakso
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar ALLCAD Services Pvt Limited
 
IP For Broadcast Engineers
IP For Broadcast EngineersIP For Broadcast Engineers
IP For Broadcast EngineersKit Peters
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdfhelloraja
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdfhelloraja
 
Coporate Espionage
Coporate EspionageCoporate Espionage
Coporate EspionageUTD Computer Security Group
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.pptChandni Chandran
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.pptGauravSankhyan4
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.pptAnuarAbdikarimov1
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.pptAbrarAhmed331135
 
Introduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking TechnologyIntroduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking Technologyroykousik2020
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.pptMadhuSudhan599544
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocolsbabak danyal
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 
Networking.ppt
Networking.pptNetworking.ppt
Networking.pptMayurJagtap53
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 

More Related Content

Similar to How Secure is TCP/IP - A review of Network Protocol

Us 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slidesUs 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slidesOlli-Pekka Niemi
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutionseroglu
 
WIFI MODEM Part-22
WIFI MODEM Part-22WIFI MODEM Part-22
WIFI MODEM Part-22Techvilla
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Pathshibaehed
 
Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar ALLCAD Services Pvt Limited
 
IP For Broadcast Engineers
IP For Broadcast EngineersIP For Broadcast Engineers
IP For Broadcast EngineersKit Peters
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdfhelloraja
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdfhelloraja
 
Introduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking TechnologyIntroduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking Technologyroykousik2020
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocolsbabak danyal
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferenceCengage Learning
 

Similar to How Secure is TCP/IP - A review of Network Protocol (20)

Us 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slidesUs 13-opi-evading-deep-inspection-for-fun-and-shell-slides
Us 13-opi-evading-deep-inspection-for-fun-and-shell-slides
 
Network security basics
Network security basicsNetwork security basics
Network security basics
 
T C P I P Weaknesses And Solutions
T C P I P Weaknesses And SolutionsT C P I P Weaknesses And Solutions
T C P I P Weaknesses And Solutions
 
WIFI MODEM Part-22
WIFI MODEM Part-22WIFI MODEM Part-22
WIFI MODEM Part-22
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04
 
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
 
Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar Overview of ip_security by JetArvind kumar Madhukar
Overview of ip_security by JetArvind kumar Madhukar
 
IP For Broadcast Engineers
IP For Broadcast EngineersIP For Broadcast Engineers
IP For Broadcast Engineers
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdf
 
Ismail TCP IP.pdf
Ismail TCP IP.pdfIsmail TCP IP.pdf
Ismail TCP IP.pdf
 
Coporate Espionage
Coporate EspionageCoporate Espionage
Coporate Espionage
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.ppt
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.ppt
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.ppt
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.ppt
 
Introduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking TechnologyIntroduction to TCP / IP in networking Technology
Introduction to TCP / IP in networking Technology
 
tcpip.ppt
tcpip.ppttcpip.ppt
tcpip.ppt
 
Vulnerabilities in IP Protocols
Vulnerabilities in IP ProtocolsVulnerabilities in IP Protocols
Vulnerabilities in IP Protocols
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Networking.ppt
Networking.pptNetworking.ppt
Networking.ppt
 

Recently uploaded

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningmisbanausheenparvam
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 

Recently uploaded (20)

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learningchaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 

How Secure is TCP/IP - A review of Network Protocol

  • 1. Just how secure is the TCP/IP protocol? Andy Leigh Information Security Strategist BBC UK
  • 2. What I will cover: Packet Networks • So, just what is TCP/IP? • Packets and circuits – a security comparison • How does an IP packet get from there to here? Security Primer • The whole security picture • The principles of good security • How hacks happen TCP/IP Security • General IP security issues • TCP specific security issues • Some Solutions Conclusions
  • 3. So, just what is TCP/IP? TCP (IP Type = 6) UDP (IP Type = 17) ICMP (IP Type = 1) IP (Ethernet type = 0800) Ethernet Co-ax Fibre Twisted Pair ARP (Ethernet type = 0806) Echo Request (ping) POP3 (Port = 110) DNS (Port = 53) HTTP (Port = 80) L2 L3 L4 WAN link L1 L7 SDH link SNMP (Port = 161) 1 .. 1023, 1024 ..65535 1 .. 1023, 1024 ..65535
  • 4. Wrapping up packets Web Data HTTP Header TCP Header IP Header Ethernet Header 64 Bytes to 1518 Bytes
  • 5. Yes No No Global address self-assignable Yes Yes No Route decided by destination address Yes Yes No Public global addresses used IP=Yes, UDP=Yes, TCP=No No No Connectionless "letter" mode IP=N/A, UDP=N/A, TCP=Yes Yes No End "user" does setup/tear-down No No Yes Service Provider does setup/tear-down No No Yes Same route for weeks No Yes Yes Same route during the connection IP=N/A, UDP=N/A, TCP=Yes Yes Yes End-to-end connection tear-down IP=N/A, UDP=N/A, TCP=Yes Yes Yes End-to-end connection setup Packet (TCP/IP) Dialled Permanent Packets and circuits – comparing security features
  • 6. How does an IP packet get from here to there? User Network card OS & IP stack Application Desktop Computer HW Software Data & destination address & port Network 1 NIC 5 OS & IP stack Router code Router HW Software destination address NIC 2 NIC 6 OS & IP stack Router code Router destination address NIC 8 Network2 Network3 Network card OS & IP stack Application Server Computer HW Software Data Inter-router protocol “End Systems” “Intermediate Systems”
  • 7. The bigger security picture • Badly specified, designed, installed or operated technologies such as: – Misconfigured Intermediate Systems (routers, firewalls) – Weak network-glue (DNS, authentication systems) – Flawed or unpatched Operating Systems – Bug-ridden or unpatched applications, databases etc. • Badly trained and poorly informed end-users and support personnel • The attackers themselves TCP/IP is not to blame for many computer security issues We also need to consider:
  • 8. The (simple) principles of good security 1. Never trust a network 2. Authenticate everything and everyone 3. Build systems to survive attacks
  • 9. Saltzer & Schroeder’s 1975 principles DO NOT SHARE RESOURCES UNLESS YOU HAVE TO 1. Economy of mechanisms • keep design simple 2. Fail-safe defaults • “deny all” unless approved 3. Complete mediation • every access on every object checked for authority 4. Open design • don’t depend on obscurity 5. Separation of privilege • 2 separate keys (or devices) better than one 6. Least privilege • users and software operate with least privilege necessary to get the job done 7. Least common mechanism • minimise mount of kit shared by, or critical to, more than user 8. Psychological acceptability • make the process easy to use so people just accept it
  • 10. How hacks happen – a refresher • Discovery and fingerprinting • Scanning for vulnerabilities • Analysing and looking for weaknesses • Gaining low-level access • Escalating to high-level access • Inserting a back-door • Cleaning up and exiting Some attacks exploit weak passwords (many don’t) It’s all over in minutes
  • 11. General IP/UDP security issues • UDP is “stateless” and is easy to forge – But it’s needed for one-way streams and multicast • Checksums are not a security technology – Anyone can change the packet details or fake a packet and easily get the CRC correct – Each router has to change the IP checksum anyway to deal with hop- counts (TTL) • IP source addresses are not guaranteed to be correct – Anyone can send a packet with fake source address – IP addresses are therefore NOT a form of authentication • IP breaks packets into fragments if they are too big for the link – Higher-level headers carried only in the first fragment (second fragment may be something completely different) – Only end-stations are allowed to re-assemble
  • 12. IP fragmentation UDP data UDP header UDP data UDP header IP header UDP data IP header
  • 13. TCP specific security issues – TCP states • TCP states – Denial Of Service weaknesses – An established TCP connection is open “forever” unless keep- alive timers (optional) are invoked – SYN attacks – each incoming “SYN” packet hold a listen-queue connection open for 75 seconds – Double-ended synchronisation is possible NB these are all “flaws” in the original specification – most real-world Operating Systems have fixed the problems
  • 14. The TCP finite-state-machine CLOSED LISTEN SYN_RCVD SYN_SENT ESTABLISHED CLOSING CLOSE_WAIT LAST_ACK FIN_WAIT_1 FIN_WAIT_2 TIME_WAIT Active Close Passive Close CLOSED Start Return to beginning Client States Server States
  • 15. TCP specific security issues • Poor randomisation in the Initial Sequence Number – TCP’s handshake invokes a “random” Sequence Number which should be hard to guess – In practice many implementations have been very predictable – TCP-connection spoofing is therefore possible – Connection hijacking – RST Denial Of Service – FIN Denial Of Service
  • 16. Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski Cisco’s IOS 12.2.10a
  • 17. Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski OpenVMS V7.2
  • 18. Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski MacOS X
  • 19. Some real world ISN “random numbers” From “Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later” by Michal Zalewski Win XP
  • 20. Other “TCP/IP” security issues • Name-spoofing • Attacks against routing algorithms • ICMP “Redirect” DOS attack • ICMP “Destination Unreachable” DOS attack • SNMP • ARP spoofing
  • 21. Solutions to TCP/IP’s problems • Re–write TCP/IP • Move to IPv6 – IPv6 Authentication Header – IPv6 ESP and Encryption Header • Use IPSec to secure point-to-point connections – Looks remarkably similar to IPv6 security solutions (AH, ESP) • “Harden” any common equipment & use application-level protection (e.g. SSL) – And follow good security operational practices • Build layered security using choke-points (e.g. using firewalls) …
  • 22. Solutions to TCP/IP’s problems – Firewalls Positives • Stateful filtering firewalls – Watch the “state” of any connections to ensure they are valid – Can prevent most network attacks • Proxy firewalls – Don’t pass through packets (if well-built, are impervious to network attacks) – They communicate application-to-application Negatives • Firewalls cannot stop application-level attacks • They affect performance • Secure rules sometimes impossible in real-world • They don’t prevent snooping
  • 23. Conclusions • Packet networks are inherently less secure than switched- circuit networks • There’s a great deal more to security than secure networking • The basic principles of good security: – Never trust a network – Always authenticate every transaction – Build systems to survive • IP and associated protocols have a number of security flaws • TCP has a number of inherent security flaws (which have been mitigated by most real-world implementations) • Firewalls, hardening, IPv6 and encryption can help Good security is essential, but can affect performance Broadcasters must agree amongst themselves good security standards