GWU CS 184 - IP and TCP Protocol Security (17 pages)

Previewing pages 1, 2, 3, 4, 5, 6 of 17 page document View the full content.
View Full Document

IP and TCP Protocol Security



Previewing pages 1, 2, 3, 4, 5, 6 of actual document.

View the full content.
View Full Document
View Full Document

IP and TCP Protocol Security

19 views


Pages:
17
School:
The George Washington University
Course:
Cs 184 - Computer Networks II

Unformatted text preview:

Network II CS 184 IP and TCP Protocol Security Department of Computer Science George Washington University Jonathan Stanton Spring 2003 Lecture 2 1 Relevant Reading Relevant reading Security Problems in the TCP IP Protocol Suite by Steve Bellovin Computer Communications Review Vol 19 No 2 pp 22 48 April 1989 Sequence Integrity using Hash Chains by Matt Barrie http www ee usyd edu au mattb 2001 lectures attacks pdf Bugtraq Mailing list http online securityfocus com popups forums bugtraq faq shtml Vulnerability Database http online securityfocus com bid Crypto Gram Newsletter http www counterpane com cryptogram html CERT Statistics http www cert org stats cert stats html Jonathan Stanton Spring 2003 Lecture 2 2 What are Network Security Risks Information disclosure IP addresses and DNS names of machines active ports network topology Connection Capture Man in the middle TCP connection capture Modified DNS replies DOS Network traffic DOS Ping SYN flood Jonathan Stanton Spring 2003 Lecture 2 3 In the News HTTP TRACE Cross Site Scripting flaw Standard but almost unknown part of HTTP protocol allows cookie stealing and impersonation attacks Microsoft MSSQL remote buffer overflow takes down Internet Bank of America ATMs XP Activation servers Sprint DSL modems have a remotely accessible admin user with the password 1234 Spaceballs reference anyone Wireless router being used to steal money from an Israeli Post Office bank Jonathan Stanton Spring 2003 Lecture 2 4 Security Bug Classification Network Security Bugs or Flaws can be divided into five classes Algorithm DES is flawed Protocol SSH or TCP is flawed Environmental NFS on Secure LAN vs insecure LAN Implementation OpenSSH v3 1 or FreeBSD 3 4 is flawed Conceptual Telnet sends passwords in the clear We will rarely discuss the first class that s crypto 101 The focus is on understanding and noticing the latter four Jonathan Stanton Spring 2003 Lecture 2 5 Protocol Flaws TCP Sequence number generation and increment Routing



View Full Document

Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view IP and TCP Protocol Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view IP and TCP Protocol Security and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?