TCP/IP from a Security Standpoint
CS-480b
Dick Steflik

Slides: TCP/IP from a Security Standpoint; TCP/IP Guru-ism; Why TCP/IP ?; Physical Layer; Dial-up; WAN and MAN; WAN and MAN (more); LAN; Slide 9; Modems; ISDN; Data Link Layer; Media Access Control; Ethernet; PPP; Link Establishment Subversion; Media Access Subversion; Logical Link Control

TCP/IP Guru-ism
You don't have to know all of the details
• You do need to know your system
    - What services it is providing
    - What protocols are involved
    - What vulnerabilities it has
• How to minimize the risks

Why TCP/IP ?
• Packet based
• Provides decentralized control
• Devices are peers
• It's routable
• Independent of transmission medium
• Open standard
• Free
• Robust
• Flexible
• Pragmatic

Physical Layer
Three major categories based on connection behavior
• Dial-up
    - temporary point-to-point
• WAN and MAN
    - permanent point-to-point
• LAN
    - two or more devices communicating over a shared broadcast media

Dial-up
Dial-up (and modems)
• Temporarily connected point-to-point
• Uses telephone infrastructure
    - audio frequency modems
• Vulnerabilities
    - Cannot provide physical security along entire communications path
    - Cables are usually run through public infrastructure, making physical security almost impossible
        - Peel back the insulation on the wire and connect alligator clips
    - Telephone connection panel in basements of buildings
        - Easy to just clip on to the connections
        - Punch panels
        - Screw terminal connections

WAN and MAN
• Constantly connected point-to-point
• Uses telephone backbone, microwave, radio, fiber optic
• Dedicated digital leased lines
    - specially conditioned telephone lines (guaranteed quality)
• 56Kbps - 9.95 Gbps
    - T1 - 56Kbps
    - T2 - 6.312 Mbps
    - T3 - 44.736 Mbps
    - OC1 - 51.84 Mbps
    - OC48 - 2488 Mbps
    - OC192 - 9.95 Gbps
• CSU/DSU - Carrier Set Unit / Data Set Unit (connection device)
• Can be routed like a layer 3 protocol

WAN and MAN (more)
Vulnerabilities
• Because much is done using radio and microwave links, interception by a third party is pretty easy (especially radio). Laser communication is harder to intercept but is overall less reliable due to environmental issues.
Remedy
• Encrypt the data before placing it on an unsecured link such as radio, microwave or laser

LAN
Two or more network devices communicating over a shared broadcast media
• Local area, shared communications medium
    - Ethernet, Token-ring, FDDI
Vulnerabilities
• Because much is done using radio and microwave links, interception by a third party is pretty easy (especially radio). Laser communication is harder to intercept but is overall less reliable due to environmental issues.
Remedy
• Encrypt the data before placing it on an unsecured link such as radio, microwave or laser

Dial-up
Temporary connections
• Established as needed
• Cannot provide physical security along entire communications path
    - Cables are usually run through public infrastructure, making physical security almost impossible
        - Peel back the insulation on the wire and connect alligator clips
    - Telephone connection panel in basements of buildings
        - Easy to just clip on to the connections
        - Punch panels
        - Screw terminal connections

Modems
Convert low speed digital signals to audio or phase encoded signals for transmission through the public access telephone system.
Most consumer-used modems work over unconditioned analog lines on the public access telephone system.
Vulnerabilities
• Because of the public access, hard to secure against physical