BU CS 455 - TCPIP from a Security Standpoint


Slide outline:
  TCP/IP from a Security Standpoint
  TCP/IP Guru-ism
  Why TCP/IP ?
  Physical Layer
  Dial-up
  WAN and MAN
  WAN and MAN (more)
  LAN
  Slide 9
  Modems
  ISDN
  Data Link Layer
  Media Access Control
  Ethernet
  PPP
  Link Establishment Subversion
  Media Access Subversion
  Logical Link Control

TCP/IP from a Security Standpoint
CS-480b
Dick Steflik

TCP/IP Guru-ism
  You don't have to know all of the details
    • You do need to know your system
        What services it is providing
        What protocols are involved
        What vulnerabilities it has
    • How to minimize the risks

Why TCP/IP ?
  Packet based
  Provides decentralized control
  Devices are peers
  It's routable
  Independent of transmission medium
  Open standard
  Free
  Robust
  Flexible
  Pragmatic

Physical Layer
  Three major categories based on connection behavior
    • Dial-up
        temporary point-to-point
    • WAN and MAN
        permanent point-to-point
    • LAN
        two or more devices communicating over a shared broadcast media

Dial-up
  Dial-up (and modems)
    • Temporarily connected point-to-point
    • uses telephone infrastructure
        audio frequency modems
    • vulnerabilities
        Cannot provide physical security along entire communications path
          • Cables are usually run through public infrastructure, making physical security almost impossible
              Peel back the insulation on the wire and connect alligator clips
          • Telephone connection panel in basements of buildings
              Easy to just clip on to the connections
              Punch panels
              Screw terminal connections

WAN and MAN
  WAN and MAN
    • Constantly connected point-to-point
    • uses telephone backbone, microwave, radio, fiber optic
    • dedicated digital leased lines
        specially conditioned telephone lines (guaranteed quality)
    • 56Kbps - 9.95 Gbps
        T1 - 56Kbps
        T2 - 6.312 Mbps
        T3 - 44.736 Mbps
        OC1 - 51.84 Mbps
        OC48 - 2488 Mbps
        OC192 - 9.95 Gbps
    CSU/DSU - Carrier Set Unit / Data Set Unit (connection device)
    can be routed like a layer 3 protocol

WAN and MAN (more)
  Vulnerabilities
    • Because much is done using radio and microwave links, interception by a third party is pretty easy (especially radio); laser communication is harder to intercept but is overall less reliable due to environmental issues
  Remedy
    • Encrypt the data before placing it on unsecured links like radio, microwave, laser

LAN
  Two or more network devices communicating over a shared broadcast media
    • local area, shared communications medium
        Ethernet, Token-ring, FDDI
  Vulnerabilities
    • Because much is done using radio and microwave links, interception by a third party is pretty easy (especially radio); laser communication is harder to intercept but is overall less reliable due to environmental issues
  Remedy
    • Encrypt the data before placing it on unsecured links like radio, microwave, laser

Dial-up
  Temporary connections
    • Established as needed
    • Cannot provide physical security along entire communications path
        Cables are usually run through public infrastructure, making physical security almost impossible
          • Peel back the insulation on the wire and connect alligator clips
        Telephone connection panel in basements of buildings
          • Easy to just clip on to the connections
              Punch panels
              Screw terminal connections

Modems
  Convert low speed digital signals to audio or phase encoded signals for transmission through the public access telephone system
  Most consumer-used modems work over unconditioned analog lines on the public access telephone system
  Vulnerabilities
    • Because of the public access, hard to secure against physical

