Network Security VII CN UNIT

Transcript of Network Security VII CN UNIT

  • 8/22/2019 Network Security VII CN UNIT

    1/96

    Network Security

    Introduction

    Taxonomy

    Conventional Encryption

    Private Key Cryptography DES

    Public Key Cryptography RSA

    Message Digest

    Authentication Protocols

    Message Integrity Protocols

    Public Key Distribution

    Case Study: ATM

    Firewalls

    Network Security

    Attacks, Services and Mechanisms

    Security Attack: Any action that compromises the security of information.

    Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

    Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

    Security Attacks

    Interruption: This is an attack on availability

    Interception: This is an attack on confidentiality

    Modification: This is an attack on integrity

    Fabrication: This is an attack on authenticity

    Taxonomy of Network Security

    Security

      Cryptography algorithms: Private Key (DES), Public Key (RSA), Message Digest (MD5)

      Security services: Privacy, Authentication, Message Integrity

    Conventional Encryption Principles

    An encryption scheme has five ingredients:

    Plaintext

    Encryption algorithm

    Secret key

    Ciphertext

    Decryption algorithm

    Security depends on the secrecy of the key, not the secrecy of the algorithm.

    Private key cryptography

    Cryptography

    Classified along three independent dimensions:

    The type of operations used for transforming plaintext to ciphertext

    The number of keys used: symmetric (single key) or asymmetric (two keys, or public-key encryption)

    The way in which the plaintext is processed

    Average time required for exhaustive key search

    Key size (bits)   Number of alternative keys   Time required at 10^6 decryptions/µs
    32                2^32 = 4.3 x 10^9            2.15 milliseconds
    56                2^56 = 7.2 x 10^16           10 hours
    128               2^128 = 3.4 x 10^38          5.4 x 10^18 years
    168               2^168 = 3.7 x 10^50          5.9 x 10^30 years

    Secret Key Encryption: DES

    DES encrypts a 64-bit block of plaintext into 64 bits of ciphertext using a 56-bit key.

    Symmetric: both participants share a single secret key.

    64-bit plaintext blocks

    64-bit key (56 bits + 8-bit parity)

    16 rounds of encryption

    Each 64-bit plaintext block is mangled in a sequence of parameterized iterations to produce a 64-bit ciphertext block.

    Plaintext -> Encrypt with secret key -> Ciphertext -> Decrypt with secret key -> Plaintext

    Secret Key Encryption: DES

    The overall processing at each iteration:

    $L_i = R_{i-1}$

    $R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$

    Concerns about: the algorithm and the key length (56 bits)

    Public-Key Cryptography Principles

    The use of two keys has consequences in: key distribution, confidentiality and authentication.

    The scheme has six ingredients:

    Plaintext

    Encryption algorithm

    Public and private key

    Ciphertext

    Decryption algorithm

    Encryption using Public-Key System

    Bob -------- data ---------- Alice

    Authentication using Public-Key System

    Bob Alice

    Applications for Public-Key Cryptosystems

    Three categories:

    Encryption/decryption: The sender encrypts a message with the recipient's public key.

    Digital signature: The sender signs a message with its private key.

    Key exchange: Two sides cooperate to exchange a session key.

    Requirements for Public-Key Cryptography

    1. Computationally easy for a party B to generate a pair (public key $KU_b$, private key $KR_b$)

    2. Easy for sender to generate ciphertext: $C = E_{KU_b}(M)$

    3. Easy for the receiver to decrypt ciphertext using private key: $M = D_{KR_b}(C) = D_{KR_b}[E_{KU_b}(M)]$

    4. Computationally infeasible to determine private key ($KR_b$) knowing public key ($KU_b$)

    5. Computationally infeasible to recover message M, knowing $KU_b$ and ciphertext C

    6. Either of the two keys can be used for encryption, with the other used for decryption: $M = D_{KR_b}[E_{KU_b}(M)] = D_{KU_b}[E_{KR_b}(M)]$

    The RSA Algorithm - Key Generation

    1. Select p, q, with p and q both prime

    2. Calculate $n = p \times q$

    3. Calculate $\phi(n) = (p-1)(q-1)$

    4. Select integer e with $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$

    5. Calculate d with $ed \equiv 1 \pmod{\phi(n)}$

    6. Destroy $\phi(n)$

    7. Public key KU = {e, n}

    8. Private key KR = {d, n}

    The RSA Algorithm - Encryption

    Plaintext: M

    The RSA Algorithm - Decryption

    Ciphertext: C

    Plaintext: $M = C^d \pmod{n}$

    Prove that the Decryption Works

    1. Since $ed \equiv 1 \pmod{\phi}$,

    2. there exists a k such that $ed = 1 + k\phi$.

    3. Now, if gcd(m, p) = 1, then by Fermat's theorem $m^{p-1} \equiv 1 \pmod{p}$.

    4. Raising both sides to the power k(q-1) and multiplying by m: $m^{1+k(p-1)(q-1)} \equiv m \pmod{p}$

    5. $m^{ed} \equiv m \pmod{p}$

    6. Similarly, $m^{ed} \equiv m \pmod{q}$

    7. Since p and q are distinct primes, $m^{ed} \equiv m \pmod{n}$

    8. Hence $c^d = (m^e)^d \equiv m \pmod{n}$

    Issues with RSA

    Potential issues with RSA:

    1. The values M = 0 or M = 1 always produce ciphertexts equal to 0 or 1 respectively, due to the properties of exponentiation.

    2. When encrypting with low encryption exponents (e.g., e = 3) and small values of M, the (non-modular) result of $M^e$ may be strictly less than the modulus n. In this case, ciphertexts may be easily decrypted by taking the e-th root of the ciphertext with no regard to the modulus.

    3. Because RSA encryption is a deterministic encryption algorithm, i.e., has no random component, an attacker can successfully launch a chosen plaintext attack against the cryptosystem, building a dictionary by encrypting likely plaintexts under the public key, and storing the resulting ciphertexts. When matching ciphertexts are observed on a communication channel, the attacker can use this dictionary in order to learn the content of the message.

    To avoid these problems, practical RSA implementations typically embed some form of structured, randomized padding into the value M before encrypting it. This padding ensures that M does not fall into the range of insecure plaintexts, and that a given message, once padded, will encrypt to one of a large number of different possible ciphertexts. The latter property can increase the cost of a dictionary attack beyond the capabilities of a reasonable attacker.
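    The key generation steps and the three issues above, worked through as an added example that is not part of the original slides. The primes, the function names and the 40-bit random prefix used as padding are assumptions made here for illustration; the padding is a simplified stand-in, not PKCS#1 or OAEP.

```python
# Added example: textbook RSA as on the slides, plus checks for issues 1-3.
# The primes are well-known small primes chosen for illustration only.
import secrets
from math import gcd

def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def keygen(p, q, e):
    """Key generation steps 1-8; returns (KU, KR) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = egcd(e, phi)[1] % phi            # e*d = 1 (mod phi(n))
    return (e, n), (d, n)

def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    return pow(m, e, n)

def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)

def iroot(x, k):
    """Largest integer r with r**k <= x (binary search)."""
    lo, hi = 0, 1
    while hi ** k <= x:
        hi *= 2
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid
    return lo

def weak_plaintext_reasons(m, pub):
    """Which of issues 1 and 2 apply to the integer m under this public key."""
    e, n = pub
    reasons = []
    if m in (0, 1):
        reasons.append("fixed point: ciphertext equals plaintext")
    if m ** e < n:
        reasons.append("M^e < n: no modular reduction, e-th root recovers M")
    return reasons

MSG_BITS, PAD_BITS = 16, 40              # hypothetical layout for this demo

def pad(m, r=None):
    """Illustrative randomized padding: 40 random bits (top bit forced to 1)
    in front of a 16-bit message. Pass r only to make a test repeatable."""
    if not 0 <= m < (1 << MSG_BITS):
        raise ValueError("message must fit in 16 bits")
    if r is None:
        r = secrets.randbits(PAD_BITS - 1)
    r |= 1 << (PAD_BITS - 1)
    return (r << MSG_BITS) | m

def unpad(x):
    return x & ((1 << MSG_BITS) - 1)

if __name__ == "__main__":
    pub, priv = keygen(1_000_000_007, 998_244_353, 3)
    c = encrypt(1234, pub)
    print("raw   :", c, "cube root:", iroot(c, 3), weak_plaintext_reasons(1234, pub))
    for _ in range(2):                   # same message, different ciphertexts
        cp = encrypt(pad(1234), pub)
        print("padded:", cp, "->", unpad(decrypt(cp, priv)))
```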

    Authentication protocols

    SK: session key; the subsequent transmission takes place with this key.

    The permanent secret key is exposed for only a few transmissions.

    A wants to talk to B

    S: authentication server

    T: timestamp, like the random number x

    L: lifetime

    K: session key; K is not valid after L time.

    Kerberos was a three-headed dog who guarded the gates of Hades.

    Authentication using Public-Key Cryptography

    Participants: Directory, Alice, Bob

    1. Give me EB

    2. Certified EB

    3. EB(A, RA)

    4. Give me EA

    5. Certified EA

    6. EA(RA, RB, KS)

    7. KS(RB)

    Message Integrity protocols

    The sender and the receiver are not concerned that an eavesdropper is able to read the message; they are only worried that an impostor may send messages pretending to come from one of them.

    Message digest

    Cryptographic checksum: just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.

    One-way function: given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.

    Relevance: if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

    Properties:

    Given M, it is easy to compute MD(M)

    Given MD(M), it is effectively impossible to find M

    Given M, no one can find an M' such that MD(M') = MD(M)

    A change in input of even 1 bit produces a very different output

    Message integrity protocol

    Keyed MD5:

    1. Sender and receiver share a secret key k

    2. Sender: m + MD5(m+k)

    3. Receiver: concatenates k with m to form m+k, applies MD5 on this and compares.

    Or: the sender picks a key k and sends m + MD5(m+k) + E(E(k, rcv_public), snd_private)

    The receiver recovers E(k, rcv_public) with the public key of the sender, confirming that it indeed came from the sender, and then retrieves k by deciphering with its own private key. It then compares the concatenated checksum.
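    The shared-key variant of keyed MD5 above, as an added example that is not part of the original slides. Because MD5 is no longer collision resistant, the same send/receive pair is also run with HMAC-SHA-256 from the standard library; the message, key and function names are constructed for this illustration.

```python
# Added example: the "m + MD5(m+k)" integrity protocol and an HMAC variant.
import hashlib
import hmac

MD5_LEN, SHA256_LEN = 16, 32

def keyed_md5(m: bytes, k: bytes) -> bytes:
    """MD5(m + k): the cryptographic checksum described on the slide."""
    return hashlib.md5(m + k).digest()

def hmac_sha256(m: bytes, k: bytes) -> bytes:
    """Same role, built on the standard HMAC construction with SHA-256."""
    return hmac.new(k, m, hashlib.sha256).digest()

def send(m: bytes, k: bytes, tag_fn=keyed_md5) -> bytes:
    """Sender: transmit the message followed by its keyed checksum."""
    return m + tag_fn(m, k)

def receive(packet: bytes, k: bytes, tag_fn=keyed_md5, tag_len=MD5_LEN):
    """Receiver: recompute the checksum over m and k and compare.
    Returns the message if it verifies, otherwise None."""
    if len(packet) < tag_len:
        return None
    m, tag = packet[:-tag_len], packet[-tag_len:]
    # compare_digest avoids leaking how many leading bytes matched
    return m if hmac.compare_digest(tag_fn(m, k), tag) else None

def unkeyed_packet(m: bytes) -> bytes:
    """What a party without k can produce: a plain MD5 over the message."""
    return m + hashlib.md5(m).digest()

if __name__ == "__main__":
    k = b"shared-secret-k"                       # constructed sample key
    m = b"PAY 100 TO BOB"                        # constructed sample message
    packet = send(m, k)
    print("genuine :", receive(packet, k))
    print("modified:", receive(b"PAY 900 TO BOB" + packet[-MD5_LEN:], k))
    print("no key  :", receive(unkeyed_packet(b"PAY 900 TO EVE"), k))
    print("hmac    :", receive(send(m, k, hmac_sha256), k, hmac_sha256, SHA256_LEN))
```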

    Public Key Distribution

    Certificate:

    Data:

    Version: 1 (0x0)

    Serial Number: 7829 (0x1e95)

    Signature Algorithm: md5WithRSAEncryption

    Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,

    OU=Certification Services Division, CN=Thawte Server

    CA/[email protected]

    Validity Not Before: Jul 9 16:04:02 1998 GMT

    Not After: Jul 9 16:04:02 1999 GMT

    Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,

    OU=FreeSoft, CN=www.freesoft.org/[email protected]

    Subject Public Key Info: Public Key

    Algorithm: rsaEncryption

    RSA Public Key: (1024 bit)

    Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64:

    b9:3d:41:b2:96:fc:f3:31:e1: 66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17: 16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b:

    c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77: 8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:

    b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f

    Exponent: 65537 (0x10001)

    Signature Algorithm: md5WithRSAEncryption

    93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:

    Public Key Infrastructure (PKI)

    Challenge: The authenticity of the public keys.

    Attacks: Man-in-the-middle attack.

    PKI: It is a secure system that is used to manage and control certificates.

    PKI is an infrastructure: it should function without the active intervention of the user. Software on the user's computer carries out the task.

    PKI uses the technique of public key cryptography. This is used to eliminate the need for a prior shared key as used in private key cryptography.

    SSL: Secure Socket Layer (TLS: Transport Layer Security)

    An overview:

    An SSL session can be used for the purchase of goods online.

    Alice (client) wants to buy something from Bob (server).

    Steps:

    1. Alice and Bob introduce themselves. No cryptographic tool is used. (Hello).

    2. Alice and Bob agree on the specific cryptographic algorithm to be used for the rest of the session.

    3. Bob authenticates himself: he sends Alice a certificate containing his public key PK signed by a certification authority.

    4. Alice verifies the CA's signature by using the public key of the CA.

    5. Alice produces a random master secret MS.

    6. Alice encrypts MS with the public key of Bob.

    7. Bob decrypts the master secret MS.

    8. Bob generates K1 and K2 using a function on MS.

    9. Alice generates the same set K1 and K2 using the same function on MS.

    10. K1 is used to authenticate data, K2 is used for encryption and decryption.

    SSL: Secure Socket Layer

    Only the server is required to produce a certificate.

    The server is only interested in the authenticity of the credit card number of the client.

    The credit card number etc. are encrypted using a message authentication.

    Certificates

    X.509 certificates contain the following fields:

    1. Version no: The current version of X.509 is 2.

    2. Serial Number: A number assigned to each certificate (a unique number).

    3. Signature: Algorithm used to sign the certificate, including the parameters, if any.

    4. Issuer: Identifies the certification authority (country -> state -> organization -> department and so on).

    5. Period of validity: Earliest time and the latest time the certificate is valid.

    6. Subject: Defines the entity to which the public key belongs. Contains the common name of the subject.

    7. Subject's public key: Public key + the corresponding algorithm along with its parameters.

    8. Issuer unique identifier: Optional. Allows two issuers to have the same value if the issuer unique identifier is different.

    9. Subject unique identifier: Optional.

    10. Extension: Allows addition of more private information to the certificate.

    11. Encrypted: Algorithm identifier + secure hash of other fields + digital signature of the hash.

    X.509 certificates were originally defined using X.500 names for subject names. X.500 names have a hierarchical format, such as

    where "C" denotes country, "O" denotes organization, "OU" denotes organizational unit and "CN" denotes common name. Subject names are actually encoded numerically, using object identifiers (OIDs). So, for example, instead of containing the alphabetic string "Microsoft," the certificate will contain a numerical OID that stands for "Microsoft."

    Global Naming Hierarchy

    [Figure: object identifier tree. Top-level branches: ccitt (0), iso (1), joint-iso-ccitt (2). Other nodes shown: standard (0), iso9314 (9314), fddiMIB (1), fddi (8), org (3), dod (6), internet (1), directory (1), mgmt (2), experimental (3), private (4), mib (1), system (1), interfaces (2), transmission (10), fddi (15), fddimib (73). Annotation: Internet SMI is this subtree.]

    Certificate Revocation

    When is it required?

    When a certificate becomes invalid.

    How does a certificate become invalid?

    When the private key of the subject is compromised.

    CRL: Certificate Revocation List

    Contains the list of serial numbers of all certificates that are revoked but not expired.

    The CRL is signed by the CA for authenticity.

    Delta CRLs:

    CRLs are updated periodically: the expired certificates are removed from the CRL and the newly discarded certificates are added.

    A delta CRL is used for updating the CRL. It contains the new revocations that have occurred since the last CRL or delta CRL was issued.

    CRLs may be issued on a monthly basis whereas the delta CRLs are used on a daily basis.

    Trust Models

    Certificate path:

    Often a certificate will not be signed by a trusted CA. Rather, it is necessary to follow a certificate path from a trusted CA to a given certificate. Each certificate in the path is signed by the owner of the previous certificate in the path. By validating all the certificates in the path, the user can be confident that the last certificate in the path is valid.

    What is a trust model?

    It specifies rules which determine how a certificate path should be constructed.

    Strict Hierarchy

    1. Root CA has a self-signed certificate.

    2. The root CA is called the trust anchor.

    3. It is a directed graph, whose nodes are CAs and end users.

    4. x → y means the entity corresponding to x has signed a certificate for the entity y.

    5. An end user is not allowed to sign a certificate of an end user.

    Bob provides all the certificates to Alice:

    Networked PKI

    Mesh configuration:

    1. The strict hierarchy may work well within an organization.

    2. When the root CAs of two or more different PKI domains are connected, it is called a networked PKI.

    3. Often termed a Super-PKI, consisting of users of different domains.

    4. Cross-certification: A CA signs the certificate of another CA.

    5. All root CAs cross-certify each other.

    6. If there are n root CAs then n(n-1) cross-certifications are required.

    7. The bi-directed edges indicate the cross-certification.

    1. Hub and spoke configuration.

    2. Each root CA cross-certifies independently with the hub CA.

    3. The cross-certifications required are 2n.

    Certificate path discovery:

    Mesh:

    Alice needs to validate Bob's certificate.

    Trust anchor of Alice: CAroot(i), and that of Bob: CAroot(j).

    Bob sends certificates from CAroot(j) to Bob.

    CAroot(i) and CAroot(j) have cross-certified each other.

    Alice finds the certificate of CAroot(j) from the directory maintained by CAroot(i).

    Now, Alice will be able to verify the certificates.

    Certificate path discovery:

    Hub and spoke:

    Web browser model

    1. Most web browsers come prepared with a set of independent root CAs.

    2. All of them are trust anchors.

    3. There is no cross-certification between the root CAs.

    4. The virtual root CA is the web browser.

    Issues:

    1. The user does not have any information about these pre-configured root CAs.

    2. No mechanism to revoke a root CA from the web browser.

    3. There is no legal relationship between the user and the set of CAs provided by the web browser.

    4. There is no mechanism to update root CAs.

    Pretty Good Privacy

    1. Every user is his or her own CA.

    2. The PGP certificate of a user contains:

       1. e-mail address ID,

       2. public key PK,

       3. signature on (ID, PK).

    3. Let Bob give his certificate to Alice.

    4. Alice adds it to the list of signatures on her certificate.

    Alice keeps a collection of certificates in a data structure called a keyring.

    Each certificate of the keyring is associated with:

    OTF = owner trust field

    KLF = key legitimacy field

    KLF indicates whether a particular key is regarded as valid by Alice.

    KLF = valid, marginally valid, invalid

    An invalid key does not mean the key is invalid; it means that there is insufficient evidence to show that it is valid.

    OTF:

    It indicates to which extent Alice trusts the key according to her own judgement.

    Implicitly trusted: Alice's own OTF is implicitly trusted

    Completely trusted:

    Once the OTF of all the certificates are set by Alice, the KLF can be computed as follows:

    Example: Alice's keyring:

    Because Alice has signed Bob's and Janet's certificates and Alice trusts her own signatures implicitly, Bob's and Janet's keys are regarded as valid by Alice.

    Because Bob has signed Charlie's and Fred's certificates and Alice trusts Bob's signatures completely, Charlie's and Fred's keys are regarded as valid by Alice.

    Because Janet has signed Doris's certificate and Alice trusts Janet's signatures completely, Doris's key is regarded as valid by Alice.

    Because Charlie and Fred have both signed Ginger's certificate and Alice partially trusts both Charlie and Fred, Ginger's key is regarded as valid by Alice.

    Eve and Irene both have one signature from someone that Alice partially trusts, so these keys are regarded by Alice as marginally valid.

    Harry has no signatures from anyone that Alice trusts at least partially, so Harry's key is regarded as invalid by Alice.
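    The keyring walk-through above, recomputed as an added example that is not part of the original slides. The thresholds (one implicitly or completely trusted signer, or two partially trusted signers) are read off the narrative; that only signatures made with keys Alice already regards as valid are counted, and who signed Eve's, Irene's and Harry's certificates, are assumptions made here.

```python
# Added example: derive each key legitimacy field (KLF) from the owner trust
# fields (OTF) and the signatures on Alice's keyring.
IMPLICIT, COMPLETE, PARTIAL, NONE = "implicit", "complete", "partial", "none"
VALID, MARGINAL, INVALID = "valid", "marginally valid", "invalid"

def compute_klf(owner, otf, signed_by, partial_needed=2):
    """Return {name: KLF}. signed_by maps a key owner to the set of people
    who signed that owner's certificate; otf maps a signer to Alice's trust."""
    klf = {name: INVALID for name in signed_by}
    klf[owner] = VALID
    changed = True
    while changed:                       # repeat until no KLF changes
        changed = False
        for name, signers in signed_by.items():
            if name == owner:
                continue
            # Assumption: a signature counts only if the signer's own key
            # is already regarded as valid.
            counted = [s for s in signers if klf.get(s) == VALID]
            full = any(otf.get(s, NONE) in (IMPLICIT, COMPLETE) for s in counted)
            partial = sum(otf.get(s, NONE) == PARTIAL for s in counted)
            if full or partial >= partial_needed:
                new = VALID
            elif partial >= 1:
                new = MARGINAL
            else:
                new = INVALID
            if new != klf[name]:
                klf[name] = new
                changed = True
    return klf

def alice_keyring():
    """Keyring matching the narrative; entries marked 'assumed' are constructed."""
    otf = {
        "Alice": IMPLICIT,
        "Bob": COMPLETE, "Janet": COMPLETE,
        "Charlie": PARTIAL, "Fred": PARTIAL,
        # everyone else: no owner trust assigned (assumed)
    }
    signed_by = {
        "Alice": set(),
        "Bob": {"Alice"}, "Janet": {"Alice"},
        "Charlie": {"Bob"}, "Fred": {"Bob"},
        "Doris": {"Janet"},
        "Ginger": {"Charlie", "Fred"},
        "Eve": {"Charlie"},              # assumed signer
        "Irene": {"Fred"},               # assumed signer
        "Harry": {"Ginger"},             # assumed signer, not trusted by Alice
    }
    return otf, signed_by

if __name__ == "__main__":
    otf, signed_by = alice_keyring()
    for name, status in compute_klf("Alice", otf, signed_by).items():
        print(f"{name:8s} {status}")
```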

    Pretty Good Privacy

    - Not scalable

    - Does not guarantee that it will detect forged certificates.

    - No revocation mechanism

    - The OTF is set by the users themselves.

    A case study: ATM

    The ATM keypad contains a built-in tamper-proof master key kM known only to the machine and the host computer.

    As the ATM starts up:

    Sends a new daily key kD encrypted with kM and an initial transaction key kT encrypted with kM.

    The initial kT is used for the first transaction.

    For later transactions a new kT is calculated from kT = (kT) xor (last MAC sent by the ATM).

    This is called chaining the key kT.

    It is done to make it impossible to record messages from an ATM to its host machine and then play them back at a later time.

    At the later time the key kT will have altered, since it is a function of kD and all the transactions that have occurred since the last initial kT was loaded.

    A MAC (Message Authentication Code) used with an ATM is a 64-bit number that is calculated from an unencrypted message by running it through DES with key kD. The resulting 64-bit block is the MAC.

    All transmissions are checked using a MAC. In effect the transaction key kT is itself subject to DES encryption.

    For each transaction on an ATM:

    1. The account number and name are read from the card; the PIN is entered. Let us call this the `message'.

       Message = a/c number + name + PIN

    2. From this `message' a corresponding MAC is calculated and then the `message' is encrypted using kT. Next the encrypted `message' and the MAC are sent to the host computer.

       MAC = DES(Message, kD)

    3. The host decrypts the encrypted `message' using kT to retrieve the `message'; the host then uses the `message' to calculate a MAC, and checks that this is equal to the MAC sent with the encrypted `message'. [This authenticates the message as having come from the ATM.] The host then checks the account details and PIN on its database, and if everything checks out correctly it then replies with a `go ahead' message encrypted with kT, and followed by its own MAC.

    4. You enter the data for the transaction, and another `message' is constructed by the ATM, including the date, time, ATM number, a sequence number, and details of the transaction. This is encrypted by the ATM using kT and sent (along with its MAC).

    5. After authenticating the MAC as before, and after checking the account balance etc., the host sends an `OK to pay' message including the new balance etc., again encrypted using kT and with its own MAC. You get paid.

    A case study: ATM (message exchange)

    The ATM and the Host share kM.

    ATM: at start up, generate a key kD for the day and the first kT.

    ATM -> Host: E(kD,kM) + E(kT,kM). The host decrypts to find kD and kT.

    ATM: Message1 = A/C No. + Name + PIN; MAC1 = E(Message1,kD)

    ATM -> Host: MAC1 + E(Message1,kT)

    Host: Message1 = D(E(Message1,kT),kT); MAC = E(Message1,kD); if (MAC == MAC1) { check the PIN; Message2 = Go ahead } else /* abort */

    Host -> ATM: MAC2, E(Message2,kT)

    ATM: checks message and MAC; Message3 = Date + time + ATM No. + seq no. + Details of transaction

    ATM and Host: kT = kT xor MAC1 (chaining of kT)

    ATM -> Host: MAC3, E(Message3,kT)

    Host: checks the MAC and message; checks the account balance; Message4 = OK + new balance

    Host -> ATM: MAC4 + E(Message4,kT)

    ATM: checks the message and MAC; PAY.
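    Why chaining kT defeats a recorded message, as an added example that is not part of the original slides. DES is not in the Python standard library, so the 64-bit MAC is HMAC-SHA-256 truncated to 8 bytes and encryption under kT is a SHA-256 keystream XOR; both are stand-ins chosen here, the key wrapping under kM at start up is left out, and all keys, messages and names are constructed.

```python
# Added example: ATM/host exchange with and without chaining of kT.
import hashlib
import hmac

def mac64(message: bytes, kd: bytes) -> bytes:
    """64-bit MAC under the daily key kD (stand-in for DES(Message, kD))."""
    return hmac.new(kd, message, hashlib.sha256).digest()[:8]

def crypt(data: bytes, kt: bytes) -> bytes:
    """XOR with a keystream derived from kT; the same call encrypts and
    decrypts (stand-in for DES encryption under kT)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(kt + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Endpoint:
    """State held by the ATM or by the host: kD and the current kT."""
    def __init__(self, kd: bytes, kt: bytes):
        self.kd, self.kt = kd, kt

    def seal(self, message: bytes):
        """Return (MAC, E(message, kT)) as sent on the wire."""
        return mac64(message, self.kd), crypt(message, self.kt)

    def open(self, tag: bytes, ciphertext: bytes):
        """Decrypt with kT, recompute the MAC with kD, compare."""
        message = crypt(ciphertext, self.kt)
        ok = hmac.compare_digest(mac64(message, self.kd), tag)
        return message if ok else None

    def chain(self, last_atm_mac: bytes):
        """kT = kT xor (last MAC sent by the ATM)."""
        self.kt = bytes(a ^ b for a, b in zip(self.kt, last_atm_mac))

def run_session(chaining: bool = True) -> dict:
    kd = bytes.fromhex("0123456789abcdef")        # constructed sample keys
    kt = bytes.fromhex("fedcba9876543210")
    atm, host = Endpoint(kd, kt), Endpoint(kd, kt)

    msg1 = b"acct=00000000;name=A N OTHER;pin=0000"   # constructed
    mac1, c1 = atm.seal(msg1)
    recorded = (mac1, c1)                 # a copy captured on the line
    first_ok = host.open(mac1, c1) == msg1

    mac2, c2 = host.seal(b"go ahead")
    go_ahead_ok = atm.open(mac2, c2) == b"go ahead"

    if chaining:                          # both sides update kT identically
        atm.chain(mac1)
        host.chain(mac1)

    msg3 = b"date=...;atm=17;seq=2;withdraw=50"       # constructed
    mac3, c3 = atm.seal(msg3)
    next_ok = host.open(mac3, c3) == msg3

    # The recorded first message is presented to the host again.
    replay_accepted = host.open(*recorded) is not None
    return {"first_ok": first_ok, "go_ahead_ok": go_ahead_ok,
            "next_ok": next_ok, "replay_accepted": replay_accepted}

if __name__ == "__main__":
    print("with chaining   :", run_session(True))
    print("without chaining:", run_session(False))
```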

    Firewalls

    Definition: A specially programmed router sitting between a site and the rest of the network.

    1. Throw away incoming packets from a particular source (prevents denial-of-service attack).

    2. Throw away packets addressed to a particular IP/port.

    3. Not all security mechanisms are widely deployed.

    4. A firewall allows a system administrator to implement security mechanisms in a centralised place.

    Two types of firewalls: a) Filter-based firewalls b) Proxy-based firewalls

    Filter-based Firewalls

    Configured with a table of addresses that characterize the packets they will, or will not, forward.

    (192.12.13.14, 1234, 128.7.6.5, 80)

    All packets from 192.12.13.14 and port 1234 addressed to 128.7.6.5 at port 80 are filtered.

    (*, *, 128.7.6.5, 80) filters all packets destined for 128.7.6.5 at port 80.

    Issues:

    1. Blocking or non-blocking: block everything unless otherwise mentioned, e.g. block everything but allow the traffic matching (*, *, 128.7.6.5, 80).

    2. Dynamic port selection: ftp uses a specific port for connection setup but uses a different port for subsequent transfer of data. So dynamic port selection is required for such situations.

    Active ftp

    1. The client's command port contacts the server's command port and sends the command PORT 1027.

    2. Server then sends an ACK back to the client's command port.

    3. Server initiates a connection on its local data port to the data port the client specified earlier.

    4. Client sends an ACK back.

    Server side firewall:

    1. FTP server's port 21 from anywhere (Client initiates connection)

    2. FTP server's port 21 to ports > 1023 (Server responds to client's control port)

    3. FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)

    4. FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)

    Client side firewall:

    When the server connects back to the specified port on the client (3), this appears to be an outside system initiating a connection to an internal client, something that is usually blocked.

    Passive ftp

    1. Client contacts the server on the command port and issues the PASV command.

    2. Server replies with PORT 2024.

    3. Client initiates data connection.

    4. Server sends back an ACK to the client's data port.

    Server side: the issue is the need to allow any remote connection to high-numbered ports on the server.
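    The filter table and the passive-ftp port problem above, as an added example that is not part of the original slides. It goes slightly beyond the slides by letting a rule hold a port range and by opening a single data port when the server's reply is seen on the control channel; the class, the reply format "PORT 2024" (taken from the slide's notation) and the address 10.0.0.9 are assumptions made here.

```python
# Added example: a filter table of (src_ip, src_port, dst_ip, dst_port)
# patterns, with '*' wildcards, a default policy and a dynamic ftp rule.
ANY = "*"

def _match(rule_val, val):
    if rule_val == ANY:
        return True
    if isinstance(rule_val, tuple):          # inclusive port range (lo, hi)
        return rule_val[0] <= val <= rule_val[1]
    return rule_val == val

class PacketFilter:
    def __init__(self, default):
        if default not in ("allow", "block"):
            raise ValueError("default must be 'allow' or 'block'")
        self.default = default
        self.rules = []                      # first matching rule wins

    def add(self, action, src_ip, src_port, dst_ip, dst_port):
        self.rules.append((action, (src_ip, src_port, dst_ip, dst_port)))

    def decide(self, src_ip, src_port, dst_ip, dst_port):
        packet = (src_ip, src_port, dst_ip, dst_port)
        for action, pattern in self.rules:
            if all(_match(r, v) for r, v in zip(pattern, packet)):
                return action
        return self.default

    def watch_ftp_control(self, client_ip, server_ip, reply):
        """Dynamic port selection: when the server names its data port on the
        control channel, allow that one client to reach that one port."""
        verb, _, arg = reply.strip().partition(" ")
        if verb != "PORT" or not arg.isdigit():
            return False
        port = int(arg)
        if not 1024 <= port <= 65535:
            return False
        self.add("allow", client_ip, ANY, server_ip, port)
        return True

CLIENT, SERVER, OTHER = "192.12.13.14", "128.7.6.5", "10.0.0.9"

def blocklist_demo():
    """Default allow, with the slide's first rule used as a block entry."""
    fw = PacketFilter("allow")
    fw.add("block", CLIENT, 1234, SERVER, 80)
    return (fw.decide(CLIENT, 1234, SERVER, 80),     # matches the rule
            fw.decide(CLIENT, 1235, SERVER, 80))     # different source port

def passive_ftp_demo():
    """Default block on the server side; compare a static high-port rule
    with a rule added only after the server's reply is observed."""
    dynamic = PacketFilter("block")
    dynamic.add("allow", ANY, ANY, SERVER, 21)       # control connection
    before = dynamic.decide(CLIENT, 1027, SERVER, 2024)
    dynamic.watch_ftp_control(CLIENT, SERVER, "PORT 2024")
    after = dynamic.decide(CLIENT, 1027, SERVER, 2024)
    stranger = dynamic.decide(OTHER, 1027, SERVER, 2024)

    static = PacketFilter("block")
    static.add("allow", ANY, ANY, SERVER, 21)
    static.add("allow", ANY, ANY, SERVER, (1024, 65535))  # all high ports open
    static_stranger = static.decide(OTHER, 1027, SERVER, 6000)
    return before, after, stranger, static_stranger

if __name__ == "__main__":
    print(blocklist_demo())
    print(passive_ftp_demo())
```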

    Proxy-based Firewalls

    A proxy is a process sitting between a client and the server. To the server the proxy appears to be the client, and to the client the proxy appears to be the server.

    A proxy needs application knowledge built into it.

    A proxy can implement a cache, so it responds to a request from the cache.

    Transparent proxy: Not visible to the client.

    Classical proxy: the source explicitly addresses the request to the proxy.

    [Figure: remote sites reach the company net and its web server across the Internet through the firewall. External client, external TCP/IP connection, Proxy, internal TCP/IP connection, Local server.]

    1. Proxy has to understand HTTP.

    2. It can cache pages.

    3. It can do some load balancing.

    4. They can be extended for other than HTTP.

    Firewalls: limitations

    Internal users are not protected against each other.

    So mobile code cannot be prevented from spreading locally.

    Wireless communication is another vulnerability.