by Karun Subramanian
on September 11, 2015
There are several types of Network Security Attacks as described below:
- SYN Flood
Here the attacker sends a SYN request from a spoofed source address. When the server responds with SYN-ACK, the spoofed source never replies, leaving the server hanging with a half-open connection (normally the client completes the three-way handshake, SYN / SYN-ACK / ACK, by answering the SYN-ACK). Half-open connections consume resources, eventually degrading the performance of the server.
CISCO routers employ ‘TCP Intercept’ and ‘CAR – Committed Access Rate’ features to combat SYN floods. You can also change the default setting for the ‘maximum number of half-open TCP connections’.
- UDP Flood
Here the server is flooded with UDP requests, degrading the performance of the server.
- ICMP Flood
Here the server is flooded with ‘echo’ requests (an ICMP request), degrading the performance of the server.
It is best to drop ICMP packets at the router or firewall.
- Smurf
Here the attacker sends ICMP echo request packets to the broadcast address of the target network using a spoofed source address. Every host on the target network responds to the echo request, eventually overwhelming the network.
- Fraggle
A flavor of the Smurf attack which uses UDP Echo packets (UDP port 7) instead of ICMP packets. Cisco routers can be configured to disable the TCP and UDP small services (TCP and UDP small servers) to defend against Fraggle.
- Bluejacking and Bluesnarfing
Here Bluetooth-enabled devices are attacked. In Bluejacking, unsolicited messages are sent. In Bluesnarfing, personal information such as pictures and contacts, and cell phone information such as serial numbers, are stolen.
by Karun Subramanian
on August 30, 2015
Wired Equivalent Privacy:
The intention of WEP (Wired Equivalent Privacy) was to provide the same level of security as in wired networks. But it fell far short.
WEP uses a 128-bit key (with a 24-bit initialization vector), which is very easy to crack. It uses the RC4 (Rivest Cipher 4) stream cipher.
Two modes:
Open Systems Authentication:
No credentials are required from the client. After the initial association with the AP (Access Point), WEP encrypts the whole conversation.
Shared Key Authentication:
Requires the client to present credentials to connect to the AP before the encryption begins.
WEP can be enhanced by using SSH or tunneling.
WiFi Protected Access (WPA and WPA2):
WPA uses TKIP (Temporal Key Integrity Protocol), which adds a sequence counter to prevent replay attacks and a 64-bit message integrity check. It combines a secret root key with the initialization vector.
WPA2 uses AES with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP).
Both WPA and WPA2 support several EAP extensions such as EAP-TLS, EAP-TTLS (Tunneled Transport Layer Security) and Protected EAP (PEAPv0, v1).
by Karun Subramanian
on August 30, 2015
Commonly used VPN security technologies are:
- Point to Point Tunneling Protocol (PPTP)
- Layer2 Forwarding Protocol (L2F)
- Layer2 Tunneling Protocol (L2TP)
- IPSec
- SSL
Point to Point Tunneling Protocol (PPTP):
- Uses PAP, CHAP, EAP
- Typically used in dial-up connections in Windows platform
- Operates at Data Link Layer
Layer 2 forwarding Protocol (L2F):
- Developed by CISCO
- Similar to PPTP
- Operates at Data Link Layer
Layer 2 Tunneling Protocol (L2TP):
by Karun Subramanian
on August 30, 2015
There are 5 major remote access security technologies
- RAS (Remote Access Service)
- RADIUS
- Diameter
- TACACS
RAS (Remote Access Service):
Uses PPP (Point to Point Protocol) to secure dial-in, ISDN and serial links. Uses the following authentication mechanisms.
PAP (Password Authentication Protocol):
- Two way hand shake
- Sends passwords in clear text
- No protection against replay or brute force attacks
CHAP (Challenge Handshake Authentication Protocol):
- Uses three way hand shake
- Both server and client need to have a shared secret preconfigured
- Shared secret is stored in clear text. MS-CHAP allows the shared secret to be stored in encrypted form
EAP (Extensible Authentication Protocol):
- Used primarily in Wireless networks
- Supports various authentication mechanisms like MD5-Challenge, S/Key, generic token card and digital Certificates
RADIUS (Remote Authentication Dial-In User Service):
- Open standard, UDP based.
- Provides authentication and accountability
- User provides username/password to a RADIUS client using PAP or CHAP. The RADIUS client encrypts the password and sends it to the RADIUS server for authentication
DIAMETER
- Improved version of RADIUS
- Uses TCP. Supports IPSec, TLS
TACACS (Terminal Access Controller Access Control System):
- Uses UDP. Provides Authentication, Authorization and Accountability
- XTACACS is an improved version but no longer used
- TACACS+ is the current version. Supports several authentication mechanisms – PAP,CHAP,MS-CHAP,EAP,KERBEROS,Token Cards
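The step above where the RADIUS client "encrypts" the password before sending it to the server is the User-Password hiding of RFC 2865 section 5.2: the password is padded to 16-byte blocks and each block is XORed with MD5(shared secret + previous block), seeded by the 16-byte Request Authenticator. The following is an added example, not code from the post; the function names, the shared secret and the fixed authenticator are constructed for illustration. It shows why the protection rests entirely on the shared secret and on a fresh random authenticator per request, which is the gap the DIAMETER entry addresses with IPSec/TLS.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (RFC 2865 s5.2): pad the password to 16-byte blocks and XOR each
    block with MD5(shared_secret + previous ciphertext block), where the first
    'previous block' is the 16-byte Request Authenticator of the Access-Request."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block  # next keystream block is chained on this ciphertext block
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: derive the same keystream, XOR back, strip the NUL padding
    (RFC 2865 notes a password that itself ends in NULs is therefore ambiguous)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        clear += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def demo() -> dict:
    # Constructed values: a NAS-to-server shared secret and a fixed authenticator
    # (a real client draws fresh random 16 bytes for every Access-Request).
    secret = b"example-shared-secret"
    authenticator = bytes(range(16))
    password = b"correct horse battery staple"  # 28 bytes -> two 16-byte blocks
    hidden = hide_password(password, secret, authenticator)
    return {
        "hidden_len": len(hidden),
        "roundtrip": reveal_password(hidden, secret, authenticator),
        # Only the shared secret protects the password on the wire: a wrong secret
        # yields garbage, and a reused (secret, authenticator) pair yields identical bytes.
        "wrong_secret_matches": reveal_password(hidden, b"other-secret", authenticator) == password,
        "deterministic": hide_password(password, secret, authenticator) == hidden,
    }
```

Because the hiding is a reversible XOR against an MD5 keystream, anyone holding the shared secret and the captured request can recover the password, which is why RADIUS over plain UDP is normally wrapped in IPSec or TLS.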
by Karun Subramanian
on August 29, 2015
Classifications of Firewalls:
- Packet Filtering
- Circuit Level Gateway
- Application Level Gateway
Architectures of Firewall:
- Screening Router
- Dual Homed Gateway
- Screened-Host Gateway
- Screened Subnet
| Classification | Description | Advantages | Disadvantages |
|---|---|---|---|
| Packet Filtering | Basic. Operates at Network or Transport Layers. Examines TCP, IP, ICMP, UDP headers from the packet and routes based on a firewall ACL | Inexpensive and fast; easy to set up; transparent to users | No context-level routing; can be hit by spoofing; limited logging; no strong user authentication |
| Circuit Level Gateway | Operates at Session Layer. Uses state information about the established connections. Once the virtual circuit is formed, no packet analysis is done. | Fast; low maintenance | Limited logging; once connection is established, no further analysis is done |
| Application Level Gateway | Operates at Application Layer. Implemented as a proxy server. | Supports strong user authentication; data is not directly sent to the destination | Low performance because the packet needs to be brought all the way up to the Application Layer for analysis; high maintenance |
| Architecture | Description | Advantages | Disadvantages |
|---|---|---|---|
| Screening Router | Basic packet filtering firewall | Cheap; transparent to users | Makes internal network structure complex; no user authentication; single point of failure |
| Dual Homed Gateway | A bastion host with two network interface cards. It may be connected to an external screening router | Fail-safe mode: if it fails, nothing is allowed access; internal network structure is masked | Additional authentication required for users; may slow down performance; may not be available for all services |
| Screened Host Gateway | External screening router and internal bastion host | Transparent outbound access and restricted inbound access | Screening router can bypass the bastion host; masking the internal network is difficult |
| Screened Subnet | Most secure. Forms a DMZ network between external and internal firewall | Transparent, flexible; internal network is masked | Difficult to maintain; expensive |
by Karun Subramanian
on August 29, 2015
Here are the protocols commonly used in higher levels (5,6,7 of the OSI model)
Layer 5 (Session):
- NetBIOS
- NFS
- RPC
- SSH
- SIP
Layer 6 (Presentation):
- ASCII
- EBCDIC
- MPEG
- JPG
- GIF
Layer 7 (Application):
- FTP,TFTP
- SNMP
- SMTP
- MIME, S/MIME
- HTTP,HTTPS,S-HTTP
- POP3,IMAP
- PEM
- TELNET
- S-RPC
by Karun Subramanian
on August 29, 2015
IP (Internet Protocol) is a Network Layer protocol (Layer 3) that is considered a ‘routed’ protocol. It addresses the network packets so that routing protocols like OSPF, BGP and RIP can correctly route the packet.
IP defines the IP addresses. An IP address is a 32-bit number (4 octets). It comprises a network number and a host number. The higher-order bits define the network number, as shown below.
There are 5 classes of IP addresses:
| Class | Leading bits | Size of network number bit field | Size of rest bit field | Number of networks | Addresses per network | Start address | End address |
|---|---|---|---|---|---|---|---|
| A | 0 | 8 | 24 | 128 (2^7) | 16,777,216 (2^24) | 0.0.0.0 | 127.255.255.255 |
| B | 10 | 16 | 16 | 16,384 (2^14) | 65,536 (2^16) | 128.0.0.0 | 191.255.255.255 |
| C | 110 | 24 | 8 | 2,097,152 (2^21) | 256 (2^8) | 192.0.0.0 | 223.255.255.255 |
Class D is defined as Multicast. Address Range: 224 – 239
Class E is experimental. Address Range: 240 – 254
127.0.0.1 to 127.255.255.255 is defined as loop back address range.
Also, a range of IP addresses is reserved for private use (i.e. not routable on the internet). They are:
| Class | Private range |
|---|---|
| Class A | 10.0.0.0 – 10.255.255.255 |
| Class B | 172.16.0.0 – 172.31.0.0 |
| Class C | 192.168.0.0 – 192.168.255.255 |
IPv6 uses 128-bit addresses and was introduced primarily to address the depletion of IPv4 addresses.
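The class table above is really a rule for reading the high-order bits of an address; as an added example (not code from the post), the following decodes an IPv4 address into its class and network number from those leading bits, recomputes the "Number of networks" and "Addresses per network" columns, and flags the loopback and private ranges. Function names are my own, and the private ranges are the standard RFC 1918 blocks (10/8, 172.16/12, 192.168/16).

```python
import ipaddress

# (leading-bit pattern, class, network-number bits); None = no network/host split
CLASS_TABLE = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24),
               ("1110", "D", None), ("1111", "E", None)]
PRIVATE = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def class_of(addr: str) -> tuple:
    """Return (class, network_bits) by matching the high-order bits, as the table does."""
    bits = f"{int(ipaddress.IPv4Address(addr)):032b}"
    for prefix, cls, net_bits in CLASS_TABLE:
        if bits.startswith(prefix):
            return cls, net_bits
    raise AssertionError("unreachable: every 4-bit prefix is covered by the table")

def class_sizes(cls: str) -> dict:
    """Recompute the 'Number of networks' and 'Addresses per network' columns:
    network count = 2^(network bits - fixed leading bits), hosts = 2^(32 - network bits)."""
    prefix, _, net_bits = next(row for row in CLASS_TABLE if row[1] == cls)
    if net_bits is None:
        raise ValueError(f"class {cls} has no network/host split")
    return {"networks": 2 ** (net_bits - len(prefix)),
            "addresses_per_network": 2 ** (32 - net_bits)}

def describe(addr: str) -> dict:
    """Classful view of one address: class, network number, host bits, and whether
    it is internet-routable (classes A-C that are neither loopback nor private)."""
    ip = ipaddress.IPv4Address(addr)
    cls, net_bits = class_of(addr)
    info = {"address": str(ip), "class": cls, "network": None, "host_bits": None}
    if net_bits is not None:
        net = ipaddress.IPv4Network(f"{ip}/{net_bits}", strict=False)
        info["network"] = str(net.network_address)
        info["host_bits"] = 32 - net_bits
    info["loopback"] = ip in LOOPBACK
    info["private"] = any(ip in n for n in PRIVATE)
    info["internet_routable"] = cls in "ABC" and not (info["loopback"] or info["private"])
    return info
```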
by Karun Subramanian
on August 29, 2015
Open Shortest Path First (OSPF) Protocol:
It is a link-state dynamic routing protocol used primarily in large networks. It routes packets within an AS (Autonomous System), i.e. it is an Interior Gateway Protocol (IGP). OSPF networks are assigned an Area identifier (32 bits long). The area identifier can be the same as an IP address; OSPF can handle such duplicate IP addresses without any conflict.
OSPF does not use UDP or TCP; it is encapsulated directly in IP datagrams.
OSPF areas include the backbone area (area 0), stub areas and not-so-stubby areas (NSSA).
Border Gateway Protocol (BGP):
It is a path-vector dynamic routing protocol that is widely used by ISPs. It is an Exterior Gateway Protocol (EGP).
by Karun Subramanian
on August 27, 2015
There are 5 major WAN technologies available
- Point to Point Link
- Circuit Switched Network
- Packet Switched Network
- High-Level Data Link Control (HDLC)
- Synchronous Data Link Control (SDLC)
Point to Point Link
Uses a public carrier for establishing WAN connectivity.
| Technology | Details |
|---|---|
| SLIP (Serial Line IP) | Enables serial devices such as modems to connect to a remote network; asynchronous; slow speed; little or no security |
| Point to Point Protocol (PPP) | Successor of SLIP; asynchronous and synchronous operation; more security features than SLIP |
| Point to Point Tunneling Protocol (PPTP) | Relies on PAP, CHAP or EAP to provide encryption; developed by Microsoft; used in VPNs |
| Layer 2 Forwarding Protocol (L2F) | Used in VPN with PPP; little or no security; developed by CISCO |
| Layer 2 Tunneling Protocol (L2TP) | Used in VPN; uses IPSec for encryption; uses UDP port 1701 |
Circuit Switched Network
by Karun Subramanian
on August 23, 2015
| Circuit | Speed |
|---|---|
| DS0 | 64 Kbits/Sec |
| DS1 | 1.544 Mbits/Sec or 2.048 Mbits/Sec |
| DS3 | 44.736 Mbits/Sec |
| T1 | 1.544 Mbits/Sec |
| T3 | 44.736 Mbits/Sec |
| E1 (used in Europe) | 2.048 Mbits/Sec |
| E3 (used in Europe) | 34.368 Mbits/Sec |
| OC-1 (Synchronous Optical WAN) | 51.84 Mbits/Sec |
| OC-3 (Synchronous Optical WAN) | 155.52 Mbits/Sec |
| OC-12 (Synchronous Optical WAN) | 622.08 Mbits/Sec |
| OC-48 (Synchronous Optical WAN) | 2.488 Gbits/Sec |
| OC-192 (Synchronous Optical WAN) | 9.9 Gbits/Sec |