SSID (Service Set Identifier)
the identification of an access point; a string of up to 32 characters chosen by the access point admin
Network
Any collection of nodes (computer devices) that can communicate with one another over physical connections (links)
Link Types
Cable
Optical Fiber
Microwave
WiFi
Satellite
Cable
At the most local level, all signals in an Ethernet or LAN are available on the cable for anyone to intercept
Packet sniffer
retrieves all packets on its LAN
inductance
an intruder can tap a wire and read radiated signals without making physical contact with the cable
sniffer
someone can connect to and intercept all traffic on a network.
Optical Fiber advantages
1) the entire optical network must be tuned carefully each time a new connection is made
2) optical fiber carries light energy, not electricity. Light does not create a magnetic field as electricity does
Microwave
Microwave signals are not carried along a wire; they are broadcast through the air, making them more accessible to outsiders.
T/F Microwave is an insecure medium because the signal is so exposed.
True
Satellite Communication
Signals can be bounced off a satellite: from earth to the satellite and back to earth again.
Satellite Communication disadvantage
On return to earth, the wide dissemination radius, called the broadcast's footprint, allows any antenna within range to obtain the signal without detection. The interception risk is greater than for microwave signals.
Microwave disadvantages
1) Require true visible alignment. 2) Because the curvature of the earth interferes with transmission, microwave signals must be picked up and repeated to span long distances.
Wire Strengths & Weaknesses
Strength:
Widely used
Inexpensive
Weakness:
Susceptible to emanation
Susceptible to physical wiretapping
Optical fiber Strengths & Weaknesses
Strength
Immune to emanation
Difficult to wiretap
Weakness:
Potentially exposed to connection points
Microwave Strengths & Weaknesses
Strength
Strong signal; not affected by weather
Weaknesses
Exposed to interception along transmission
Requires line-of-sight location
Signal needs to be repeated every 30 miles
Wireless Strengths & Weaknesses
Strengths
Widely available
Built into many computers
Weaknesses
Signal degrades over distance
Signal interceptable in a circular pattern around the transmitter
Satellite Strengths & Weaknesses
Strengths
Strong fast signal
Weaknesses
Delay due to the distance signals travel up and down
Signal exposed over wide area at receiving end
protocols
allow a user to view the network at a high, abstract level of communication
protocol stack
a layered architecture for communications
router
at the network layer, sends the message from your network to a router on the network
packet
the network layer structure consisting of destination address, source address and data together
Every computer connected to network has a network interface card (NIC) with a unique physical address called
MAC address (Media Access Control)
A data-link layer structure with destination MAC, source MAC and data is called a
frame
T/F Routers direct traffic on a path that leads to a destination
True
Addressing
system for identifying senders and recipients at a layer within the network
Ports
locations where software can listen for dedicated network traffic to service
Threats to Network Communications
Interception
Modification
Fabrication
Interruption
What makes a network vulnerable to interception?
Anonymity
Many points of attack
Sharing
System complexity
Unknown perimeter
Unknown path
Modification failures to which communications are vulnerable
Sequencing
Substitution
Insertion
Replay
Physical Replay
Sequencing
involves permuting the order of data. Occurs when a later fragment of a data stream arrives before a previous one.
Substitution
replacement of one piece of a data stream with another
Insertion
a modification in which data values are inserted into a stream.
Replay
legitimate data are intercepted and reused, generally without modification
Physical replay
For example, guards are left looking at an innocent image on a video camera.
Interruption techniques
Routing
Excessive Demand
Component Failure
Routing
Internet routing protocols are complicated, and one misconfiguration can poison the data of many routers
Excessive demand
network capacity is finite and can be exhausted; an attacker can generate enough demand to overwhelm a critical part of a network
Component Failure
will cause loss of service if not planned for
Port scanning tells an attacker three things
1) which standard port or services are running and responding on the target system
2) what operating system is installed
3) what applications and versions of applications are present
802.11 protocol suite
describes how devices communicate in the 2.4 GHz radio signal band allotted to WiFi.
Each frame contains three fields
MAC header, payload, and FCS(frame check sequence)
Management frames
control the establishment and handling of a series of data flows
A _____ advertises a network accepting connections
Beacon signal
Vulnerabilities in Wireless Networks
Confidentiality
Integrity
Availability
Confidentiality
if data signals are transmitted in the open, unintended recipients may be able to get the data
Integrity
Non-malicious: interference from other devices, loss or corruption of signal due to distance, reception problems, sporadic communication failures
Malicious: change content of communications
Availability
1) component of a wireless communication stops working because hardware fails
2) loss of some but not all access
3) the possibility of rogue network connection
war driving
searching for open wireless networks within range (you only need a computer with a wireless network receiver)
Access involves three steps
1) access point broadcasts its availability by sending a beacon
2) a device's NIC responds with a request to authenticate
3) the device's NIC requests establishment of an association
open mode
an access point continually broadcasts its SSID; the client is quiet
closed mode
a client mode in which a client continually broadcasts a request to connect to a given SSID from a given MAC address; leaves the client exposed
Wired Equivalent Privacy (WEP)
intended as a way for wireless communication to provide privacy equivalent to conventional wire communications
WEP Weaknesses
Weak Encryption Key (allows either a 64- or 128-bit encryption key, but each key begins with a 24-bit initialization vector)
Static Key (encryption key shared between sender and receiver).
Weak Encryption process (key has an effective length of only 40 or 103 bits).
Weak Encryption Algorithm (does not use RC4 as encryption alg. directly, instead RC4 generates a long seq. of random numbers)
Initialization Vector Collisions
Faulty Integrity Check (uses a well-known algorithm)
No authentication
Alternative to WEP
WiFi Protected Access
Temporal Key Integrity Protocol (TKIP)
A WPA encryption technology. The encryption key changes automatically on each packet.
EAP (Extensible Authentication Protocol)
WPA employs this so authentication can be done by password, token, certificate, or other mechanism.
AES
Encryption algorithm used by WPA2; it is a much stronger encryption algorithm because it uses a longer encryption key.
Setup for WPA
involves three protocol steps:
Authentication
four way handshake
optional group key handshake
WPA Integrity check
includes a 64-bit integrity check that is encrypted
Flaws in WPA
1) Man-in-the-Middle: The problem permitting this attack is that frames lack integrity protection.
2) Weakness in the authentication sequence.
Forward secrecy
protocol-level property that ensures compromising a long-term key does NOT also compromise session keys.
Types of DoS Attacks
Volumetric attacks
Application-based attacks
Disabled communications
Hardware or software failure
a denial of service flooding attack can be termed
volumetric
three root threats to availability
- insufficient capacity
- blocked access
- unresponsive component
Spanning Tree Algorithm
essentially a map of the shortest route to each known destination in the network
how flooding attacks happen
Insufficient resources (block access to a resource)
Insufficient capacity (attack bandwidth greater than the victim's)
ICMP (Internet Control Message Protocol)
ping
echo
destination unreachable
source quench
smurf attack
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
echo-chargen
attack works between two hosts.
chargen
ICMP protocol that generates a stream of packets to test network capacity
echo
a host receiving an echo returns everything it received to sender
SYN Flood
This attack randomly opens TCP ports at the source of the attack and ties up the network equipment or computer with a large amount of false SYN requests.
Teardrop
A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
DNS Spoofing
attackers try to insert inaccurate entries into the DNS cache so that future requests are redirected to an address the attacker has chosen.
Name server application software flaws
By overtaking a name server or causing it to cache spurious entries, an attacker can redirect the routing of any traffic.
top level domain attacks
these attacks attempt to deny service by limiting the system's ability to resolve addresses.
Session Hijack
attacker allows an interchange to begin between two parties but then diverts the communication. Attacker steals an established TCP connection by rewriting source and destination addresses.
DNS Cache poisoning
way to subvert the addressing to cause a DNS server to redirect clients to a specified address
countermeasure to DNS Cache poisoning
unpredictable series of sequence numbers, preferably drawn from a large range of possibilities
Distributed Denial-of-Service
change the balance between adversary and victim by marshaling many forces on the attack side.
To mount a DDoS, an attacker
1) wants to conscript an army of compromised machines to attack a victim. Each compromised system becomes a zombie.
bots
machines running pieces of malicious code under remote control
botnets
a number of bots used together for massive denial-of-service attacks
command and control centers
control individual bots, telling them when to start up and stop. Communication from the command-and-control center to the bots can be either pushed, with the center sending instructions to the bots, or pulled, with each bot responsible for calling home to a controller
people who infect machines to turn into bots
botmasters
malicious autonomous mobile agents
class of code for bots
Link Encryption
data are encrypted just before the system places them on the physical communications link. In this case encryption occurs at layer 1 or 2 in the OSI model.
End-to-End Encryption
Provides security from one end of a transmission to the other.
Secure Shell
provides an authenticated, encrypted path to the OS command line over the network.
SSL (Secure Sockets Layer)
protects communication between a web browser and server. Implemented at layer 4 (transport) and provides:
Server authentication
Client authentication
Encrypted communication
Cipher suite consists of
a digital signature algorithm for authentication
An encryption alg. for confidentiality
A hash algorithm for integrity
Onion routing
prevents an eavesdropper from learning source, destination or content of data in transit in a network.
IPSec (Internet Protocol Security)
Designed to address fundamental shortcomings such as being subject to spoofing, eavesdropping and session hijacking.
Security association includes
Set of security parameters:
Encryption algorithm and mode
Encryption key
Encryption parameters
authentication protocol and key
address of the opposite end of association
sensitivity level of protected data
Fundamental data structures of IPsec are
authentication header (AH)
Encapsulating Security Payload (ESP)
ESP
contains descriptors to tell a recipient how to interpret encrypted content
Internet Security Association and Key Management Protocol (ISAKMP)
requires that a distinct key be generated for each security association
With IPSec Confidentiality is achieved with
symmetric encryption
With IPSec authenticity is obtained with
asymmetric algorithm