Federal Urdu University, profile picture
Uploaded byFederal Urdu University
4,819 views

Network security at_osi_layers

The document summarizes network security at the seven layers of the OSI model. It describes attacks that can occur at each layer, from the application layer down to the physical layer. It also lists some common countermeasures that can be implemented at each layer to enhance security, such as virus scanners, encryption protocols, access control systems, and virtual private networks. Overall, implementing additional security controls and limiting unnecessary access helps strengthen defenses across all layers of the OSI model.

Downloaded 323 times
Network Security at OSI Layers Muhammad Muzammil Syed Zeeshan Nasir Department of computer science FUUAST, Islamabad 1-OSI Model: Network Routing and routable protocols such as IP and Open Shortest Path In 1983, the International Organization for First (OSPF). Path control Standardization (ISO) and the International and best effort at delivery Telegraph and Telephone Consultative Data link Network interface cards, Committee (CCITT) merged documents and Media Access Control (MAC) developed the OSI model, which is based on addresses, a specific hierarchy where each layer builds framing, formatting, and on the output of each adjacent layer. organizing data The OSI model is a protocol stack where the Physical Transmission media such as lower layers deal primarily with hardware, twisted-pair cabling, and the upper layers deal primarily with wireless systems, software. The OSI model’s seven layers are and fiber-optic cable designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown: Layers Functionality 1.2-Functions of OSI Model: Application Application support such as File Transfer Protocol (FTP), The OSI model functions as follows: Telnet, and 1. Information is introduced into the Hypertext Transfer Protocol application layer and passed down until it (HTTP) ends up at the physical layer. Presentation Encryption, Server Message 2. Next, it is transmitted over the physical Block (SMB), American medium (i.e., wire, coax, or wireless) and Standard Code sent to the target device. for Information Interchange 3. Once at the target device, it proceeds (ASCII), and formatting back up the stack to the application layer. Session Data flow control, startup, shutdown, and error detection/ Correction Transport End-to-end communications, UDP and TCP services
send data either quickly or reliably. 1.3-Explanation of Layers: Transport layer responsibilities include end- to-end error recovery and flow control. The The Application Layer: two primary protocols found on this layer Layer 7 is known as the application layer. include: Recognized as the official top layer of the • TCP A connection-oriented protocol; OSI model, this layer serves as the window provides reliable communication for application services. using handshake acknowledgments, error detection, and session The Presentation Layer: teardown. Layer 6 is known as the presentation layer. • UDP A connectionless protocol; The main purpose of the presentation layer offers speed and low overhead as its is to deliver and present data to the primary advantage. application layer. This data must be formatted so that the application layer can The Network Layer: understand and interpret it. The Layer 3 is known as the network layer, presentation layer is responsible for items which is fixed to software and deals with such as: packets. The network layer is the home of • Encryption and decryption of the IP, which offers best effort at delivery messages and seeks to find the best route from the • Compression and deCompression of source to the target network. Network- messages, format translation layer components include: • Handling protocol conversion • Routers • Stateless inspection/packet filters The Session Layer: Layer 5 is known as the session layer. Its The Data Link Layer: purpose is to allow two applications on Layer 2 is known as the data link layer and different computers to establish and is focused on traffic within a single local coordinate a session. It is also responsible area network (LAN).The data link layer for managing the session while information formats and organizes the data before and data are being moved. When a data sending it to the physical layer. Because it is transfer is complete, the session layer tears a physical scheme, hard-coded Mandatory down the session. Session-layer protocols Access Control (MAC) addresses are include: typically used. The data link layer organizes • Remote Procedure Call (RPC) the data into frames. When a frame reaches • Structured Query Language (SQL) the target device, the data link layer strips off the data frame and passes the data The Transport Layer: packet up to the network layer. Data-link- Layer 4 is known as the transport layer. layer components include: Whereas the application, presentation, and • Bridges session layers are primarily concerned with • Switches data, the transport layer is focused on • Network Interface Card (NIC) segments. Depending on the application • MAC addresses protocol being used, the transport layer can
The Physical Layer: Layer 1 of the OSI model is known as the Telnet: physical layer. Bit-level communication Telnet is a TCP shell service that takes place at layer 1. Bits have no defined operates on port 23.Telnet enables a client meaning on the wire; however, the physical at one site to establish a session with a host layer defines how long each bit lasts and at another site. The program passes the how it is transmitted and received. Physical information typed at the client’s keyboard layer components include copper cabling, to the host computer system. While Telnet fiber cabling, wireless system components, can be configured to allow unidentified and Ethernet hubs. The physical layer in this connections, it should also be configured to book has been extended to include: require usernames and passwords. • Perimeter security Unfortunately, even then, Telnet sends • Device Security them in clear text. When a user is logged in, • Identification and authentication he or she can perform any allowed task. Simple Mail Transfer Protocol (SMTP): This application is a TCP service that 2-Attacks at OSI operates on port 25, and is designed to Layers: exchange electronic mail between networked systems. Messages sent through SMTP have two parts: an address header Let see the attacks on all layers of OSI and the message text. All types of Model. computers can exchange messages with The Application Layer: SMTP. Spoofing and spamming are two of Most of the applications listed in this the vulnerabilities associated with SMTP. section are totally insecure because they were written for a different time. Here’s a Domain Name Service (DNS): short list of some of the insecure This application operates on port 53, applications and high-level protocols: and performs address translation. DNS converts fully qualified domain names FTP: (FQDNs) into a numeric IP address and FTP is a TCP service that operates on converts IP addresses into FQDNs. DNS uses ports 20 and 21 and is used to move files UDP for DNS queries and TCP for zone from one computer to another. Port 20 is transfers. DNS is subject to poisoning and if used for the data stream, and transfers the misconfigured, can be solicited to perform a data between the client and the server. Port full zone transfer. 21 is the control stream, and is used to pass commands between the client and the FTP Trivial File Transfer Protocol (TFTP): server. Attacks on FTP target misconfigured TFTP operates on port 69, and is directory permissions and compromised or a connectionless version of FTP that uses sniffed clear text passwords. FTP is one of UDP to reduce overhead and reliability. It the most commonly hacked services. connectionless version of FTP that uses UDP to reduce overhead and reliability. It does
so without TCP session management or proved to be an example of weak authentication, which can pose a big encryption (i.e., many passwords encrypted security risk. It is used to transfer router with this system could be cracked in less configuration files and to configure cable than 1 second because of the way Microsoft modems. People hacking those cable stored the hashed passwords). modems are known as uncappers. An NTLM password is uppercase, padded to 14 characters, and divided into Hypertext Transfer Protocol (HTTP): seven character parts. The two hashed HTTP is a TCP service that operates on results are concatenated and stored as a port 80. HTTP helped make the Web the LAN Manager (LM) hash, which is stored in popular service that it is today. The HTTP the SAM. The session layer is also connection model is known as a stateless vulnerable to attacks such as session connection. HTTP uses a request response hijacking. Network Basic Input/output protocol where a client sends a request and System (NetBIOS) is another service located a server sends a response. Attacks that in this area of the stack. exploit HTTP can target the server, browser, NetBIOS was developed for IBM and or scripts that run on the browser. Nimda is adopted by Microsoft, and has become an an example of the code that targeted a Web industry standard. It allows applications on server. different systems to communicate through the LAN. On LANs, hosts using NetBIOS Simple Network Management Protocol systems identify themselves using a 15- (SNMP): character unique name. Since NetBIOS is SNMP is a UDP service that operates non-routable, Microsoft adapted it to run on ports 161 and 162, and was designed to over Transmission Control Protocol/Internet be an efficient and inexpensive way to Protocol (TCP/IP). monitor networks. The SNMP protocol NetBIOS is used in conjunction with allows agents to gather information (e.g., SMB, which allows for the remote access of network statistics) and report back to their shared directories and files. This key feature management stations. Some of the security of Windows makes file and print sharing problems that plague SNMP are caused by and the Network Neighborhood possible. It the fact that community strings are passed also introduced other potential as cleartext and the default community vulnerabilities into the stack by giving strings (public/private) are well known. attackers the ability to enumerate systems SNMP version 3 is the most current and and gather user names and accounts, and offers encryption for more robust security. share information. Almost every script kiddie and junior league hacker has The Session Layer: exploited the net use command. There is a weakness in the security controls at the presentation and session The Transport Layer: layers. Let’s look at the Windows NT The transport layer is common with LanMan (NTLM) authentication system. vulnerabilities, because it is the home of Originally developed for Windows systems UDP and TCP. Because UDP is and then revised for Windows NT post connectionless, it’s open for attackers to service pack 2 systems, this security control use for a host of denial of service (DoS)
attacks. It’s also easy to spoof and requires no confirmation.TCP is another used and abused protocol. Port scanning and TCP The Physical Layer: make the hacker trade possible. An attacker gaining access to the Before a hacker can launch an attack, telecommunications closet, an open port in he or she must know what is running and the conference room, or an unused office, what to target.TCP makes this possible. could be the foothold needed to breach the From illegal flag settings, NULL, and XMAS, network or, even worse, gain physical to more common synchronous (SYN) and access to a server or piece of equipment. reset (RST) scans, TCP helps attackers It’s a generally accepted fact that if identify services and operating systems. someone gains physical access to an item, they can control it. The Network Layer: At the network level are services such as IP and ICMP. IPv4 has no security services 3-Countermeasures built in, which is why Secure Internet Found in Each Layer: Protocol (IPSec) (a component of IPv6) was developed. Without IPSec, IP can be Security countermeasures are the targeted for many types of attacks (e.g., controls used to protect the confidentiality, DOS), abused through source routing, and integrity, and availability of data and tricked into zombie scanning “IPID Scan.” information systems. While ICMP was developed for diagnostics There is a wide array of security and to help with logical errors, it is also the controls available at every layer of the target of misuse. ICMP can be used to stack. Overall security can be greatly launch Smurf DoS attacks or can be enhanced by adding additional security subverted to become a covert channel with measures, removing unneeded services, programs such as Loki. hardening systems, and limiting access. The Data Link Layer: • Virus Scanners: Antivirus programs The dangers are real at the data link can use one or more techniques to layer. Conversion from logical to physical check files and applications for addressing must be done between the viruses. While virus programs didn’t network and data link layers. Address exist as a concept until 1984, they Resolution Protocol (ARP) resolves logical to are now a persistent and constant physical addresses. problem, which makes maintaining While critical for communication, it is antivirus software a requirement. also used by attackers to bypass switches These programs use a variety of and monitor traffic, which is known as ARP techniques to scan and detect poisoning. Even without ARP poisoning, viruses, including signature passive sniffing can be a powerful tool if the scanning, heuristic scanning, attacker positions himself or herself in the integrity checks, and activity right place on the network. blocking.
• Pretty Good Privacy (PGP): In 1991, • Secure Electronic Transmission Phil Zimmerman initially developed (SET): SET is a protocol standard that PGP as a free e-mail security was developed by MasterCard, VISA, application, which also made it and others to allow users to make possible to encrypt files and folders. secure transactions over the PGP works by using a public-private Internet. It features digital key system that uses the certificates and digital signatures, International Data Encryption and uses of Secure Sockets Layer Algorithm (IDEA) algorithm to (SSL). encrypt files and email messages. • Terminal Access Controller Access • Secure Multipurpose Internet Mail Control System (TACACS): Available Extensions (S/MIME): S/MME in several variations, including secures e-mail by using X.509 TACACS, Extended TACACS certificates for authentication. The (XTACACS), and TACACS+.TACACS is Public Key Cryptographic Standard is a centralized access control system used to provide encryption, and can that provides authentication, work in one of two modes: signed authorization, and auditing (AAA) and enveloped. Signing provides functions. integrity and authentication. • Kerberos: Kerberos is a network Enveloped provides confidentiality, authentication protocol created by authentication, and integrity. the Massachusetts Institute of • Privacy Enhanced Mail (PEM): PEM Technology (MIT) that uses secret- is an older e-mail security standard key cryptography and facilitates that provides encryption, single sign-on. Kerberos has three authentication, and X.509 parts: a client, a server, and a certificate-based key management. trusted third party to mediate • Secure Shell (SSH): SSH is a secure between them. application layer program with • SSL: Netscape Communications different security capabilities than Corp. initially developed SSL to FTP and Telnet. Like the two provide security and privacy aforementioned programs, SSH between clients and servers over the allows users to remotely log into Internet. It’s application- computers and access and move independent and can be used with files. The design of SSH means that HTTP, FTP, and Telnet. SSL uses no clear text usernames/passwords Rivest, Shamir, & Adleman (RSA) can be sent across the wire. All of public key cryptography and is the information flowing between capable of client authentication, the client and the server is server authentication, and encrypted, which means network encrypted SSL connection. security is greatly enhanced. Packets • Transport Layer Security (TLS): TLS can still be sniffed but the is similar to SSL in that it is information within the packets is application independent. It consists encrypted. of two sub layers: the TLS record
protocol and the TLS handshake 128-bit keys. A 24-bit Initialization protocol. Vector (IV) is used to provide • Windows Sockets (SOCKS): SOCKS is randomness; therefore, the “real a security protocol developed and key” may be no more than 40 bits established by Internet standard RFC long. There have been many proven 1928. It allows client-server attacks based on the weaknesses of applications to work behind a WEP. firewall and utilize their security • Wi-Fi Protected Access (WPA): WPA features. was developed as a replacement for • IPSec: IPSec is the most widely used WEP. It delivers a more robust level standard for protecting IP of security.WPA uses Temporal Key datagram’s. Since IPSec can be Integrity Protocol (TKIP), which applied below the application layer, scrambles the keys using a hashing it can be used by any or all algorithm and adds an integrity- applications and is transparent to checking feature that verifies that end users. It can be used in channel the keys haven’t been tampered mode or transport mode. with. Next, WPA improves on WEP • Point-to-point Tunneling Protocol by increasing the IV from 24 bits to (PPTP): Developed by a group of 48 bits.WPA also prevents rollover vendors including Microsoft, 3Com, (i.e., key reuse is less likely to occur). and Ascend, PPTP is comprised of Finally, WPA uses a different secret two components: the transport that key for each packet. maintains the virtual connection and • Packet Filters: Packet filtering is the encryption that insures configured through access control confidentiality. PPTP is widely used lists (ACLs). ACL’s allow rule sets to for virtual private networks (VPNs). be built that will allow or block • Challenge Handshake traffic based on header information. Authentication Protocol (CHAP): As traffic passes through the router, CHAP is an improvement over each packet is compared to the rule previous authentication protocols set and a decision is made whether such as Password Authentication the packet will be permitted or Protocol (PAP) where passwords are denied. sent in clear text. CHAP uses a • Network Address Translation (NAT): predefined secret and a pseudo NAT can be used to translate random value that is used only once. between private and public This facilitates security because the addresses. PrivateIP addresses are value is not reused and the hash those considered non-routable (i.e., cannot be reversed-engineered. public Internet routers will not route • Wired Equivalent Privacy (WEP): traffic to or from addresses in these While not perfect, WEP attempts to ranges). add some measure of security to • Fiber Cable: The type of wireless networking. It is based on transmission media used can make a the RC4 symmetric encryption difference in security. Fiber is much standard and uses either 64-bit or more secure than wired alternatives
and unsecured wireless transmission Authentication is the process of proving methods. your identity. Various authentication • Secure Coding: It is more cost- schemes have been developed over the effective to build secure code up years and can be divided into three broad front than to try and go back and fix categories: it later. Just making the change from • Something You Know Passwords C to a language such as .NET or • Something You Have Tokens, smart CSharp can have a big security cards, and certificates • Something You Are Biometrics impact. The drive for profits and the additional time that QA for security would introduce, causes many companies to not invest in secure code. 5- Defending the Data-Link Layer: 4-Defending the Protocol define at this layer provide security. Physical Layer: Ethernet LAN Security: There is no security protocol that will The Ethernet LAN has many security defend physical layer, but several natural weaknesses when facing attacks externally methods are utilized to perform our job. and internally. Security measures must be taken to ensure a secured environment for The security controls on physical layer communications ever the Ethernet LAN. The have three primary goals: following are some key risks in an Ethernet • Deter (Discourage): Two methods LAN: used to deter intruders are security lighting and “Beware of Dog” signs. • The primary weakness with Ethernet • Delay: Some of the techniques used is that it is a broadcast system. Every to delay an intruder include fences, message sent out by any computer gates, locks, access controls, and on an Ethernet LAN segment mantraps. reaches all parts of that segment • Detect: Two systems used to detect and potentially could be read by any intruders are intrusion detection computer on the segment. Sniffing systems (IDSes) and alarms. type programs can record, read and analyze all the messages on a Physical security focuses on intruders segment. Actually others can read and thieves. Some main concern to security your password and subsequently are follow: login to any account. They can also Identification and Authentication: change the information and forge Identification is the process of totally different messages. identifying yourself, and is commonly • Peer-to-Peer networking systems performed by entering a username. (both Windows and Macintosh
AppleTalk) for Workgroups allow snooper" is on one side of a bridge people on the network to share files or router they will not see any traffic and printers, which open up your passing between computers on the files to anyone using another other side of the filter. computer in the group. • Lan Security Architecture (LSA): a • Some applications, such as FTP proprietary technique where twisted program which allows you to get pair hubs inspect incoming files from and send files to another messages and will only transmit computer, may have an option in them unscrambled to the their configuration which allows destination computer. All other other computers to get into your computers on the hub receive computer and have access to your scrambled messages. files while the program is running. • It is relatively easy in an Ethernet Software Solutions for Ethernet LAN LAN to fake an Email message and Security other messages which purports to come from someone else. It is also • Encryption: Encrypting the data possible to fake a login session by passing between your computer and recording a legitimate one and its destination. There are many running the recording later on. encryption technologies and product available which effective protect There are many hardware and software information and data privacy. The solutions to address the above Ethernet popular encryption methods used LAN security issues: are PGP (Pretty Good Privacy). • Authentication: Use user name and Hardware Solutions for Ethernet LAN password to authenticate users. It is Security necessary to encrypt the password and implement timestamps making • Use a switched network: A switch forgery extremely difficult. can segregate a network into many • Combination technologies: Many parts which can effectively new technologies are available preventing snooping and sniffing on which doing both authentication a network. These switches also and encryption. One of such reduce network traffic by limiting technologies is Kerberos which uses messages to only the parts of the tokens, timestamps, tickets and network on which they are needed encryption to make transactions to improve the efficiency of the between computers secure. whole network. • Bridges and Routers: Bridges and routers are electronic filters which only pass a network message through themselves if the destination lies on the other side of VLAN: Virtual Local Area Network and IEEE the filter. Consequently if "the 802.1Q
Virtual LAN (VLAN) refers to a group of Passwords logically networked devices on one or more Sensitive information LANs that are configured so that they can Information gathering communicate as if they were attached to • Broadcast Attacks the same wire, when in fact they are • Man-In-the-Middle (MIM) Attack: located on a number of different LAN Man-in-the-Middle (MIM) is a very common segments. Because VLANs are based on type of attack, in which an attacker inserts logical instead of physical connections, it is his computer between the communication very flexible for user/host management, paths of two target computers by Sniffs bandwidth allocation and resource packets from Network, modified them and optimization. then insert them back into the Network. • Denial of Services (DoS) Attack: There are the following types of Virtual A “Denial of Service (DoS)” attack is a flood LANs: of packets that consumes network resources and causes deadlock. 1. Port-Based VLAN: each physical • Session Hijacking: switch port is configured with an Session Hijacking is a process by which an access list specifying membership in attacker sees/ listen an active TCP a set of VLANs. connection between two other hosts and 2. MAC-based VLAN: a switch is then insert fake packets (in one or both configured with an access list directions) and takes control of the mapping individual MAC addresses connection. This method is similar to the to VLAN membership. MIM attack. 3. ATM VLAN - using LAN Emulation • Sniffing (Passwords, Sensitive (LANE) protocol to map Ethernet Information and Information packets into ATM cells and deliver Gathering): them to their destination by Sniffing is a process of monitoring all converting an Ethernet MAC address information or reading the packets that are into an ATM address. being transmitted on a network. An attacker can sniff network traffic and ARP: can also passively intercept network traffic. Address Resolution Protocol Then, through packet analysis, he might be Types of ARP Attacks: able to determine login IDs and passwords There are many ways an attacker can gain and collect other sensitive data. There are access or exploit your system. It is not so many tools available for Sniffing like important how attacker gain access into the Hunt, Sniffit, Ettercap, Snort and Dsniff. system. Once the intruder breaks into your system he can use it according to his way. They work as follows: Following are some types of attacks that a) Ethernet was built around a "shared" can be resulted from ARP Spoofing: principle: all machines on a local network • Man-in-the-Middle (MIM) share the same wire. • Denial of Services (DoS) b) This implies that all machines are able to • Session Hijacking "see" all the traffic on the same wire. • Sniffing
c) Thus, Ethernet hardware is built with a key security risks at the Network Layer "filter" that ignores all traffic that doesn't associated with the IP: belong to it. It does this by ignoring all frames whose MAC address doesn't match. • IP Spoofing: The intruder sends • Broadcast Attacks: messages to a host with an IP This technique is used to send a large address (not its own IP address) amount of ICMP echo request (Ping) traffic indicating that the message is to all known IP broadcast addresses with coming from a trusted host to gain the spoofed source address of the victim. un-authorized access to the host or other hosts. To engage in IP spoofing, a hacker must first use a Strategy to overcome the constraints: variety of techniques to find an IP address of a trusted host and then • Network Analyzer Tools and modify the packet headers so that it Sniffers: appears that the packets are coming It allows you to inspect network from that host. traffic at every level of the network stack in • Routing (RIP) attacks : Routing various degrees of detail. Information Protocol (RIP) is used to • Encryption: distribute routing information within Encryption is an effective way to networks, such as shortest-paths, defend against Sniffing and ARP Spoofing. and advertising routes out from the Encryption prevents any non-authorized local network. RIP has no built in party from reading or changing data. authentication, and the information • Intrusion Detection Systems (IDS): provided in a RIP packet is often IDS identify attacker’s attempts to used without verifying it attack or break into the network and • ICMP Attacks: ICMP is used by the IP misuse it. IDSs may monitor packets passing layer to send one-way informational over the network, monitor system files, messages to a host. There is no monitor log files, or set up deception authentication in ICMP, which leads systems that attempt to trap hackers. Port to attacks using ICMP that can result Scans and Denial-of-Service Attacks are an in a denial of service, or allowing the ongoing threat. attacker to intercept packets. Denial of service attacks primarily use either the ICMP "Time exceeded" or 6- Defending the Network Layer: "Destination unreachable" message. Both of these ICMP messages can Every layer of communication has its cause a host to immediately drop a own unique security challenges. The connection Network Layer is especially weak for many • PING Flood (ICMP Flood): PING is Denial of Service attacks and information one of the most common uses of privacy problems. The most popular ICMP which sends an ICMP "Echo protocol used in the network layer is IP Request" to a host, and waits for (Internet Protocol). The following are the that host to send back an ICMP "Echo Reply" message. Attacker
simply sends a huge number of connectionless integrity, data origin "ICMP Echo Requests" to the victim authentication, rejection of replayed to cause its system crash or slow packets (a form of partial sequence down. This is an easy attack because integrity), confidentiality (encryption), and many ping utilities support this limited traffic flow confidentiality. Because operation, and the hacker doesn't these services are provided at the IP layer, need much knowledge. they can be used by any higher layer • Packet Sniffing: Because most protocol, e.g., TCP, UDP, ICMP, BGP, etc. network applications distribute network packets in clear text, a These objectives are met through the use of packet sniffer can provide its user two traffic security protocols, the with meaningful and often sensitive Authentication Header (AH) and the information, such as user account Encapsulating Security Payload (ESP), and names and passwords. A packet through the use of cryptographic key sniffer can provide an attacker with management procedures and information that is queried from the protocols. The set of IPSec protocols database, as well as the user employed in any context, and the ways in account names and passwords used which they are employed, will be to access the database. This cause determined by the security and system serious information privacy requirements of users, applications, and/or problems as well as tools for crimes. sites/organizations. IPSec: Internet Protocol Security (IPSec) is a Protocol Structure: protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPSec provides security services at the network layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPSec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. The set of security services that IPSec can provide includes access control,
7- Defending the providing endpoint authentication Transport Layer: and encryption. One faulty SSL client implementation Microsoft I Explorer, allows for transparent SSL The transport Layer is especially weak for attacks. SSL that would warn the the Denial of Service (DOS) attack or user about problems with the server Distributed Denial of Service (DDOS) attack. certificate. Two most popular protocols used in the • TCP Connecting Hijacking is also transport layer are TCP (Transmission known as Man-in-the-Middle attack. Control Protocol) and UDP (User Datagram With this attack, an attacker can Protocol). The following are the key security allow normal authentication to risks at the Transport Layer associated with proceed between the two hosts, and TCP and UDP: then seize control of the connection. There are two possible ways to do • TCP "SYN" attack is also known as this: one is during the TCP three-way SYN Flooding. It takes advantage of a handshake, and the other is in the flaw in how most hosts implement middle of an established connection. the TCP three-way handshake. • UDP Flood Attack: UDP is a When Host B receives the SYN connectionless protocol and it does request from A, it must keep track of not require any connection setup the partially opened connection in a procedure to transfer data. A UDP "listen queue" for at least 75 Flood Attack is possible when an seconds. Many implementations can attacker sends a UDP packet to a only keep track of a very limited random port on the victim system. number of connections. A malicious When the victim system receives a host can exploit the small size of the UDP packet, it will determine what listen queue by sending multiple application is waiting on the SYN requests to a host, but never destination port. When it realizes replying to the SYN&ACK the other that there is no application that is host sends back. By doing so, the waiting on the port, it will generate other host's listen queue is quickly an ICMP packet of destination filled up, and it will stop accepting unreachable to the forged source new connections, until a partially address. If enough UDP packets are opened connection in the queue is delivered to ports on victim, the completed or times out. This ability system will go down. of removing a host from the network for at least 75 seconds can The three-way handshake: in Transmission be used as a denial-of-service attack, or it can be used as a tool to Control Protocol is the method used to implement other attacks, like IP establish and tear down network Spoofing. • SSL Man-in-the-Middle Attacks: connections. This handshaking technique is SSL/TLS was supposed to mitigate referred to as the 3-way handshake or as that risk for web transactions by
"SYN-SYN-ACK" (or more accurately SYN, store sensitive data such as medical SYN-ACK, ACK). The TCP handshaking information, or collect confidential mechanism is designed so that two information from the users on the network, computers attempting to communicate can and can also be used by other businesses negotiate the parameters of the network that want to secure network connections connection before beginning between the client and the server. communication. Transport Layer Security involves the use of • Host A sends a TCP SYNchronize an encryption system which utilizes a digital packet to Host B certificate which is formulated to identify • Host B receives A's SYN • Host B sends a SYNchronize- the network owner, as well as create public ACKnowledgement keys that are used to encrypt • Host A receives B's SYN-ACK • Host A sends ACKnowledge communications over the network. The • Host B receives ACK. TCP connection certificate is installed on the portion of the is ESTABLISHED. server that requires encryption. When the client logs onto the network, a Transport Layer Security: message is sent to the server that identifies Transport Layer Security provides a way for the client. The server will then return a you to create a secure network connection message and list the cryptographic methods between a client and a server by encrypting that are to be used for communication to the connection between both entities. ensure the client and the server are Transport Layer Security is similar to communicating in the same language. Security Socket Layers because both • Different Types of Transport Layer protocols provide security for applications Security such as email, Instant Messaging, Web There are several different types of browsing, VoIP (Voice over Internet Transport Layer Security depending upon Protocol). the encryption requirements for the Transport Layer Security is used within organization. organizations that use payment processes,
• Web Server Transport Layer 8- Defending the Security: This type of encryption Session Layer: protects the data when the client connects to the Internet to send data through a Web browser or Protocols that assist it are discussed. website. The TLS encryption provides a secure Web server and NetBIOS: prevents the data from being NetBIOS is a protocol that Microsoft intercepted by an unauthorized Windows systems use to share user. resources. For example, if a PC • Email Server Transport Layer running Windows wants to connect Security: To secure to and access a share on a file communications between the server, it probably uses NetBIOS. email client and the server, a SMB, the method used to access file digital certificate is installed on and printer shares, can also run the email server to provide encrypted communications when independently of NetBIOS over TCP sending and receiving confidential ports 139 and 445. Both of these information via email. approaches, however, tend to increase the attack surface of a • Virtual Private Network Security: network. Transport Layer Security works to secure a virtual private network The ports that we’d have to open to appliance by installing a digital certificate on the VPN appliance the Internet are UDP/137, UDP/138, that provides an encrypted and TCP/139. Unfortunately, the connection between the remote most popular attacker target is user and the network that they NetBIOS and against these ports. are accessing. Once an attacker discovers an active • Database and Directory Security: Organizations deploy Transport port 139 on a device, he can run Layer Security to encrypt server NBSTAT to begin the very important queries for databases and first step of an attack—foot printing. directories that contain sensitive With the NBSTAT command, he can data and information obtain some or all of the following information: • Computer name • Contents of the remote name cache, including IP addresses
• A list of local NetBIOS names o Perform malware scanning • A list of names resolved by on end user stations after broadcast or via WINS decryption. o Use message content • Contents of the session table scanners specifically with the destination IP designed to check the addresses content of encrypted. Defending against external NetBIOS connections 10-Defending the • Disabling the system’s ability to Application Layer: support null sessions • Defining very strong passwords for the local administrator accounts 1. SMTP: Simple Mail Transfer Protocol • Defining very strong passwords for shares, assuming you absolutely Simple Mail Transfer Protocol (SMTP) is a have to have shares on exposed protocol designed to transfer electronic systems mail reliably and efficiently. SMTP is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification 9-Defending the regarding incoming mail. Presentation Layer: SMTP is independent of the particular transmission subsystem and requires only a S/MIME security: reliable ordered data stream channel. An important feature of SMTP is its capability S/MIME support is one of Outlook's to transport mail across networks, usually unheralded important features. It gives you referred to as "SMTP mail relaying". Using end-to-end protection: SMTP, a process can transfer mail to another process on the same network or to • S/MIME is tailored for end to end some other network via a relay or gateway security. Encryption will not only process accessible to both networks. encrypt your messages, but also malware. Thus if your mail is In this way, a mail message may pass scanned for malware anywhere but through a number of intermediate relay or at the end points, such as your gateway hosts on its path from sender to company's gateway, encryption will ultimate recipient. The Mail eXchanger defeat the detector and successfully mechanisms of the domain name system deliver the malware. Solutions: are used to identify the appropriate next- hop destination for a message being transported.
• Security: node that contains an SNMP agent and that resides on a managed network. Managed One of the ways to restrict access to devices collect and store management an outgoing mail server is to verify information and make this information that the computer is on the ISP's available to NMSs using SNMP. Managed local network. When you dial your devices, sometimes called network modem and connect to your ISP, elements, can be routers and access your computer is given an IP address servers, switches and bridges, hubs, that identifies you as being a part of computer hosts, or printers. An agent is a that ISP's network. If you have two network management software module ISPs and dial up to one and then that resides in a managed device. An agent connect to the other's mail server, it has local knowledge of management may prevent you from relaying mail information and translates that information because your computer is not into a form compatible with SNMP. An NMS identified as being on the local executes applications that monitor and network for the provider whose mail control managed devices. server you are sending through. In this case, you should try to use the • SNMP v1 Basic Operations and SMTP server for the provider you Features have used to dial up and connect to • SNMP v2 Additional Operations the Internet. • SNMP v3 Security Enhancement Why Security is Important in SNMP: 2. SNMP: Simple Network Management Protocol The need for security in SNMP is obvious because the MIB objects being Simple Network Management Protocol communicated contain critical information (SNMP) is the protocol developed to about network devices. We don't want just manage nodes (servers, workstations, anyone “snooping” into our network to find routers, switches and hubs etc.) on an IP out our IP addresses, or how long our network. SNMP enables network machines have been running, or whether administrators to manage network our links are down, or pretty much anything performance, find and solve network else. problems, and plan for network growth. Network management systems learn of 3. DHCP problems by receiving traps or change notices from network devices implementing DHCP spoofing SNMP. DHCP spoofing is a type of attack on DHCP An SNMP managed network consists of server to obtain IP addresses using spoofed three key components: managed devices, DHCP messages. In the cases where the agents, and network-management systems DHCP server is on a remote network, and an (NMSs). A managed device is a network IP address is required to access the
network, but since the DHCP server supplies when requesting a DHCP IP address and the IP address, the requester is at an thus is not able to access the network. impasse. To supply access to the network, DHCP starvation may be purely a denial of when the Pipeline receives a DHCP Discover service (DoS) mechanism or may be used in packet (a request for an IP address from a conjunction with a malicious rogue server PC on the network), it responds with a attack to redirect traffic to a malicious DHCP Offer packet containing the computer ready to intercept traffic. configured (spoofed) IP address and a renewal time, which is set to a few seconds. When the normal DHCP server is down, the The requester then has access to the DHCP network attacker can then set up a rogue server and gets a real IP address. (Other DHCP server on his or her system and variations exist in environments where the respond to new DHCP requests from clients APP server utility is running.) on the network. An intruder may issue an address with DNS server information or DHCP Starvation default gateway information that redirects traffic to a computer under the control of A DHCP starvation attack works by the intruder. broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with DHCP Starvation Attack Mitigation attack tools such as gobbler. If enough requests are sent, the network attacker can By limiting the number of MAC addresses exhaust the address space available to the on a switch port will reduce the risk of DHCP servers for a period of time. This is a DHCP starvation attack. When more simple resource starvation attack just like a systems implement the RFC 3118, SYN flood is a starvation attack. The Authentication for DHCP Messages, DHCP network attacker can then set up a rogue starvation attacks will become more DHCP server on his or her system and difficulty. respond to new DHCP requests from clients on the network. Exhausting all of the DHCP Adding Security to DHCP addresses is not required to introduce a rogue DHCP server, though. Since DHCP runs over UDP and IP, one could use IPSec at layer three to provide authentication. DHCP Starvation Attack DHCP starvation attack works by 4. FTP: File Transfer Protocol broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with File Transfer Protocol (FTP) enables file attack tools such as gobbler. If enough sharing between hosts. FTP uses TCP to requests are sent, the network attacker can create a virtual connection for control exhaust the address space available to the information and then creates a separate DHCP servers for a period of time. TCP connection for data transfers. The Subsequently, a legitimate user is denied control connection uses an image of the
TELNET protocol to exchange commands sensitive information should be and messages between hosts. transferred with SFTP . The key functions of FTP are: 1) To promote sharing of files (computer programs and/or data), S-FTP, or Secure FTP, S/FTP 2) To encourage indirect or implicit (via programs) use of remote computers, Secure FTP (S-FTP or S/FTP) is the enhanced version of the File Transfer Protocol (FTP) 3) To shield a user from variations in file with security features. Mainly, S-FTP adds storage systems among hosts, and encryption to the FTP contents which is send in clear text in the original FTP version. 4) To transfer data reliably and efficiently. S-FTP is available on almost all operating FTP, though usable directly by a user at a systems including Windows, UNIX, and terminal, is designed mainly for use by Macintosh. programs. 5. Hypertext Transfer Protocol Secure FTP has little security protection when (HTTPS) performing file transfer: both user password and the data are exposed to HTTP is a combination of the Hypertext public. To make the file transfer more Transfer Protocol with the SSL/TLS secure, some enhancements have been protocol to provide encryption and made on the FTP, including SFTP SSH secure (website security testing) protected FTP and BBFTP. identification of the server. • The data that is transferred, it should only be used to transfer small S-HTTP: Secure Hypertext Transfer (1-10KB) files containing sensitive Protocol data. Large files that do not contain sensitive information should be Secure HTTP (S-HTTP) is a secure message- transferred via a method that does oriented communications protocol not encrypt data. designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's • SSH protected FTP: This transfer messaging model and to be easily method encrypts the password integrated with HTTP applications. information but does NOT encrypt the data being transferred. As a Secure HTTP provides a variety of security result, it should only be used to mechanisms to HTTP clients and servers, transfer large (and small) files that providing the security service options do NOT contain sensitive appropriate to the wide range of potential information. File that contains end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric
capabilities to both client and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP. 11- References: • Web Sites • http://www.infosecwriters.com • http://www.javvin.com • http://www.spamlaws.com • http://www.inetdaemon.com • http://blogs.techrepublic.com.com • http://en.wikipedia.org • Books • Hack The Stack • Network Management Fundamental • Network Security Essential

More Related Content

PDF
The Data Link Layer
byadil raja
 
PPTX
MAC-Message Authentication Codes
byDarshanPatil82
 
PPTX
Tcp
byVarsha Kumar
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PDF
Classical encryption techniques
byDr.Florence Dayana
 
PPTX
Parallel algorithms
byDanish Javed
 
PPTX
Check sum
byPooja Jaiswal
 
PPTX
Loop optimization
byVivek Gandhi
 
The Data Link Layer
byadil raja
 
MAC-Message Authentication Codes
byDarshanPatil82
 
Tcp
byVarsha Kumar
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Classical encryption techniques
byDr.Florence Dayana
 
Parallel algorithms
byDanish Javed
 
Check sum
byPooja Jaiswal
 
Loop optimization
byVivek Gandhi
 

What's hot

PPTX
Point to-point protocol (ppp)
byKongu Engineering College, Perundurai, Erode
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
byRAMESHBABU311293
 
PDF
IP Security
byDr.Florence Dayana
 
PPTX
Cryptography and Information Security
byDr Naim R Kidwai
 
PPTX
Public Key Cryptography
byGopal Sakarkar
 
PDF
Multithreading
byDr. A. B. Shinde
 
PPTX
Semantic net in AI
byShahDhruv21
 
PDF
MD-5 : Algorithm
bySahil Kureel
 
PPTX
Idea(international data encryption algorithm)
bySAurabh PRajapati
 
PPT
Intermediate code generation (Compiler Design)
byTasif Tanzim
 
PPTX
Cryptographic algorithms
byAnamika Singh
 
PPT
Type Checking(Compiler Design) #ShareThisIfYouLike
byUnited International University
 
PDF
Problem Characteristics in Artificial Intelligence
byBharat Bhushan
 
PPTX
MACs based on Hash Functions, MACs based on Block Ciphers
byMaitree Patel
 
PDF
Agreement Protocols, distributed File Systems, Distributed Shared Memory
bySHIKHA GAUTAM
 
PPT
Arp and rarp
byराहुल खेडेकर
 
PPTX
Diffie Hellman Key Exchange
bySAURABHDHAGE6
 
PPTX
Error control
byBhupendra sahu
 
PPTX
Modern Block Cipher- Modern Symmetric-Key Cipher
byMahbubur Rahman
 
PPSX
Flow Control
byselvakumar_b1985
 
Point to-point protocol (ppp)
byKongu Engineering College, Perundurai, Erode
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
byRAMESHBABU311293
 
IP Security
byDr.Florence Dayana
 
Cryptography and Information Security
byDr Naim R Kidwai
 
Public Key Cryptography
byGopal Sakarkar
 
Multithreading
byDr. A. B. Shinde
 
Semantic net in AI
byShahDhruv21
 
MD-5 : Algorithm
bySahil Kureel
 
Idea(international data encryption algorithm)
bySAurabh PRajapati
 
Intermediate code generation (Compiler Design)
byTasif Tanzim
 
Cryptographic algorithms
byAnamika Singh
 
Type Checking(Compiler Design) #ShareThisIfYouLike
byUnited International University
 
Problem Characteristics in Artificial Intelligence
byBharat Bhushan
 
MACs based on Hash Functions, MACs based on Block Ciphers
byMaitree Patel
 
Agreement Protocols, distributed File Systems, Distributed Shared Memory
bySHIKHA GAUTAM
 
Arp and rarp
byराहुल खेडेकर
 
Diffie Hellman Key Exchange
bySAURABHDHAGE6
 
Error control
byBhupendra sahu
 
Modern Block Cipher- Modern Symmetric-Key Cipher
byMahbubur Rahman
 
Flow Control
byselvakumar_b1985
 

Viewers also liked

PPT
Network security and protocols
byOnline
 
PPTX
IPSec and VPN
byAbdullaziz Tagawy
 
PPT
Network Security
byMAJU
 
PPT
Secure Socket Layer
byNaveen Kumar
 
PPT
Ipsec
byRupesh Mishra
 
PDF
Telecommunications and Network Security Presentation
byWajahat Rajab
 
PPTX
Transport Layer Security (TLS)
byArun Shukla
 
PPT
OSI Model
byRahul Bandhe
 
PPT
key distribution in network security
bybabak danyal
 
PPTX
Osi model
byOnline
 
PPTX
OSI Layer Security
byNurkholish Halim
 
PPTX
Transport Layer Security
byChhatra Thapa
 
PPT
Network security
byGichelle Amon
 
PPT
Lecture 9 key distribution and user authentication
byrajakhurram
 
PPTX
E banking security
byIman Rahmanian
 
PPTX
Key management
byBrandon Byungyong Jo
 
PDF
Transport Layer Security
byn|u - The Open Security Community
 
PDF
Network security
bynageshkanna13
 
PPT
Network Security Lec5
byFederal Urdu University
 
Network security and protocols
byOnline
 
IPSec and VPN
byAbdullaziz Tagawy
 
Network Security
byMAJU
 
Secure Socket Layer
byNaveen Kumar
 
Ipsec
byRupesh Mishra
 
Telecommunications and Network Security Presentation
byWajahat Rajab
 
Transport Layer Security (TLS)
byArun Shukla
 
OSI Model
byRahul Bandhe
 
key distribution in network security
bybabak danyal
 
Osi model
byOnline
 
OSI Layer Security
byNurkholish Halim
 
Transport Layer Security
byChhatra Thapa
 
Network security
byGichelle Amon
 
Lecture 9 key distribution and user authentication
byrajakhurram
 
E banking security
byIman Rahmanian
 
Key management
byBrandon Byungyong Jo
 
Transport Layer Security
byn|u - The Open Security Community
 
Network security
bynageshkanna13
 
Network Security Lec5
byFederal Urdu University
 

Similar to Network security at_osi_layers

PPTX
Internetworking
byRaghu nath
 
PDF
Ccna notes
byRamesh Kumar
 
PPTX
communication-protocols
byAli Kamil
 
PPTX
Computer_Network
byRavi Jiyani
 
PDF
Chap 2 network models
byMukesh Tekwani
 
PPTX
OSI reference Model
byJohnson Ubah
 
PDF
Networks internet
byKumar
 
DOCX
OSI model (Tamil)
byNifras Ismail
 
PPT
Dc2 t1
byNachiket Rajput
 
PPTX
Chapter 1 overview-stij3053 - Network Design
bynakomuri
 
PPT
4.osi model
byAkshay Nagpurkar
 
PDF
Ccent notes part 1
byahmady
 
PDF
Network Fundamentals: OSI Model
byDiwash Sapkota
 
PPT
02 protocols and tcp-ip
bymyl_1116
 
PPTX
Osi layer
bySantosh Ban
 
PPTX
unit-1fon (1).pptx
byDeepVala5
 
PPTX
Osi
bywncstudent1
 
PPT
OSI Model.ppt
byShantanuBhushanMishr
 
PDF
Network internet
byKumar
 
PPTX
Ictinfraosi7 layers tcpipmodel2016e
byuncleRhyme
 
Internetworking
byRaghu nath
 
Ccna notes
byRamesh Kumar
 
communication-protocols
byAli Kamil
 
Computer_Network
byRavi Jiyani
 
Chap 2 network models
byMukesh Tekwani
 
OSI reference Model
byJohnson Ubah
 
Networks internet
byKumar
 
OSI model (Tamil)
byNifras Ismail
 
Dc2 t1
byNachiket Rajput
 
Chapter 1 overview-stij3053 - Network Design
bynakomuri
 
4.osi model
byAkshay Nagpurkar
 
Ccent notes part 1
byahmady
 
Network Fundamentals: OSI Model
byDiwash Sapkota
 
02 protocols and tcp-ip
bymyl_1116
 
Osi layer
bySantosh Ban
 
unit-1fon (1).pptx
byDeepVala5
 
Osi
bywncstudent1
 
OSI Model.ppt
byShantanuBhushanMishr
 
Network internet
byKumar
 
Ictinfraosi7 layers tcpipmodel2016e
byuncleRhyme
 

More from Federal Urdu University

PDF
Ntc internship report
byFederal Urdu University
 
PPSX
Os Linux
byFederal Urdu University
 
PPSX
Muzammil Prescriptive Vs Agile Process Models
byFederal Urdu University
 
PPT
Network Security Lec4
byFederal Urdu University
 
PPSX
Zohaib Dfd
byFederal Urdu University
 
DOC
Muzammil Agile Vs Prescriptive
byFederal Urdu University
 
PPSX
Ather Proactive Vs Reactive
byFederal Urdu University
 
PPT
Network Security
byFederal Urdu University
 
DOCX
Os Linux Documentation
byFederal Urdu University
 
PPSX
Hira Xp
byFederal Urdu University
 
PPSX
Sohrab Waterfall Vs Rad
byFederal Urdu University
 
POTX
Unix
byFederal Urdu University
 
PPSX
Maria Managment Spectrum
byFederal Urdu University
 
PPSX
Faisal Incremental Model
byFederal Urdu University
 
PPSX
Khurram Spiral
byFederal Urdu University
 
PPSX
Sidra Agile Software Process
byFederal Urdu University
 
PPSX
Zeeshan Estimation
byFederal Urdu University
 
PPSX
Umar Erd
byFederal Urdu University
 
PPSX
Zahid Asd
byFederal Urdu University
 
PPSX
G4 Group
byFederal Urdu University
 
Ntc internship report
byFederal Urdu University
 
Os Linux
byFederal Urdu University
 
Muzammil Prescriptive Vs Agile Process Models
byFederal Urdu University
 
Network Security Lec4
byFederal Urdu University
 
Zohaib Dfd
byFederal Urdu University
 
Muzammil Agile Vs Prescriptive
byFederal Urdu University
 
Ather Proactive Vs Reactive
byFederal Urdu University
 
Network Security
byFederal Urdu University
 
Os Linux Documentation
byFederal Urdu University
 
Hira Xp
byFederal Urdu University
 
Sohrab Waterfall Vs Rad
byFederal Urdu University
 
Unix
byFederal Urdu University
 
Maria Managment Spectrum
byFederal Urdu University
 
Faisal Incremental Model
byFederal Urdu University
 
Khurram Spiral
byFederal Urdu University
 
Sidra Agile Software Process
byFederal Urdu University
 
Zeeshan Estimation
byFederal Urdu University
 
Umar Erd
byFederal Urdu University
 
Zahid Asd
byFederal Urdu University
 
G4 Group
byFederal Urdu University
 

Recently uploaded

PDF
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
PDF
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PDF
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
PDF
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
PDF
TrustArc Webinar - It’s Time to Rethink Privacy
byTrustArc
 
PPTX
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
PDF
MathML Core in WebKit
byIgalia
 
PDF
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
PDF
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
PDF
2025 AI Adoption Report: Gen AI Fast-Tracks Into the Enterprise
byRazin Mustafiz
 
PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
PPTX
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
PDF
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
DOCX
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
PDF
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
Data Center Exit to Cloud _ Managed Datacenter Migration.pdf
byAstuteBusiness
 
Supercharge Your JVM with Project Leyden
byAna-Maria Mihalceanu
 
TrustArc Webinar - It’s Time to Rethink Privacy
byTrustArc
 
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
MathML Core in WebKit
byIgalia
 
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
2025 AI Adoption Report: Gen AI Fast-Tracks Into the Enterprise
byRazin Mustafiz
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
WPE Android 🤖 State of the Bot (2025)
byIgalia
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Assignment Review and Accessibility Audit Findings.pptx
byJulia Undeutsch
 
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
The Rise of AI-Powered Software Development
byordersoftwarekeys
 
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
In this document
Powered by AI

Overview of the OSI model, its seven layers, and their functionalities such as application, presentation, session, and transport.

Discussion of various attacks on OSI layers like FTP, HTTP vulnerabilities, and the use of TCP and UDP for attacks.

Security technologies like PGP, SSL, and encryption methods for securing data across OSI layers.

Focus on hardware solutions to network security such as switches, VLAN, and methods to prevent Ethernet LAN attacks.

ARP attacks, IP spoofing, and the effectiveness of IPSec for securing communication at the network layer.

Explains TCP and UDP vulnerabilities, transport layer security mechanisms, and risks of SSL for secure communications.

Strategies for securing SMTP, DNS, DHCP, FTP, and HTTP with protocols designed for safe data transfer and communication.

Network security at_osi_layers

  • 1.
    Network Security atOSI Layers Muhammad Muzammil Syed Zeeshan Nasir Department of computer science FUUAST, Islamabad 1-OSI Model: Network Routing and routable protocols such as IP and Open Shortest Path In 1983, the International Organization for First (OSPF). Path control Standardization (ISO) and the International and best effort at delivery Telegraph and Telephone Consultative Data link Network interface cards, Committee (CCITT) merged documents and Media Access Control (MAC) developed the OSI model, which is based on addresses, a specific hierarchy where each layer builds framing, formatting, and on the output of each adjacent layer. organizing data The OSI model is a protocol stack where the Physical Transmission media such as lower layers deal primarily with hardware, twisted-pair cabling, and the upper layers deal primarily with wireless systems, software. The OSI model’s seven layers are and fiber-optic cable designed so that control is passed down from layer to layer. The seven layers of the OSI model are shown: Layers Functionality 1.2-Functions of OSI Model: Application Application support such as File Transfer Protocol (FTP), The OSI model functions as follows: Telnet, and 1. Information is introduced into the Hypertext Transfer Protocol application layer and passed down until it (HTTP) ends up at the physical layer. Presentation Encryption, Server Message 2. Next, it is transmitted over the physical Block (SMB), American medium (i.e., wire, coax, or wireless) and Standard Code sent to the target device. for Information Interchange 3. Once at the target device, it proceeds (ASCII), and formatting back up the stack to the application layer. Session Data flow control, startup, shutdown, and error detection/ Correction Transport End-to-end communications, UDP and TCP services
  • 2.
    send data eitherquickly or reliably. 1.3-Explanation of Layers: Transport layer responsibilities include end- to-end error recovery and flow control. The The Application Layer: two primary protocols found on this layer Layer 7 is known as the application layer. include: Recognized as the official top layer of the • TCP A connection-oriented protocol; OSI model, this layer serves as the window provides reliable communication for application services. using handshake acknowledgments, error detection, and session The Presentation Layer: teardown. Layer 6 is known as the presentation layer. • UDP A connectionless protocol; The main purpose of the presentation layer offers speed and low overhead as its is to deliver and present data to the primary advantage. application layer. This data must be formatted so that the application layer can The Network Layer: understand and interpret it. The Layer 3 is known as the network layer, presentation layer is responsible for items which is fixed to software and deals with such as: packets. The network layer is the home of • Encryption and decryption of the IP, which offers best effort at delivery messages and seeks to find the best route from the • Compression and deCompression of source to the target network. Network- messages, format translation layer components include: • Handling protocol conversion • Routers • Stateless inspection/packet filters The Session Layer: Layer 5 is known as the session layer. Its The Data Link Layer: purpose is to allow two applications on Layer 2 is known as the data link layer and different computers to establish and is focused on traffic within a single local coordinate a session. It is also responsible area network (LAN).The data link layer for managing the session while information formats and organizes the data before and data are being moved. When a data sending it to the physical layer. Because it is transfer is complete, the session layer tears a physical scheme, hard-coded Mandatory down the session. Session-layer protocols Access Control (MAC) addresses are include: typically used. The data link layer organizes • Remote Procedure Call (RPC) the data into frames. When a frame reaches • Structured Query Language (SQL) the target device, the data link layer strips off the data frame and passes the data The Transport Layer: packet up to the network layer. Data-link- Layer 4 is known as the transport layer. layer components include: Whereas the application, presentation, and • Bridges session layers are primarily concerned with • Switches data, the transport layer is focused on • Network Interface Card (NIC) segments. Depending on the application • MAC addresses protocol being used, the transport layer can
  • 3.
    The Physical Layer: Layer1 of the OSI model is known as the Telnet: physical layer. Bit-level communication Telnet is a TCP shell service that takes place at layer 1. Bits have no defined operates on port 23.Telnet enables a client meaning on the wire; however, the physical at one site to establish a session with a host layer defines how long each bit lasts and at another site. The program passes the how it is transmitted and received. Physical information typed at the client’s keyboard layer components include copper cabling, to the host computer system. While Telnet fiber cabling, wireless system components, can be configured to allow unidentified and Ethernet hubs. The physical layer in this connections, it should also be configured to book has been extended to include: require usernames and passwords. • Perimeter security Unfortunately, even then, Telnet sends • Device Security them in clear text. When a user is logged in, • Identification and authentication he or she can perform any allowed task. Simple Mail Transfer Protocol (SMTP): This application is a TCP service that 2-Attacks at OSI operates on port 25, and is designed to Layers: exchange electronic mail between networked systems. Messages sent through SMTP have two parts: an address header Let see the attacks on all layers of OSI and the message text. All types of Model. computers can exchange messages with The Application Layer: SMTP. Spoofing and spamming are two of Most of the applications listed in this the vulnerabilities associated with SMTP. section are totally insecure because they were written for a different time. Here’s a Domain Name Service (DNS): short list of some of the insecure This application operates on port 53, applications and high-level protocols: and performs address translation. DNS converts fully qualified domain names FTP: (FQDNs) into a numeric IP address and FTP is a TCP service that operates on converts IP addresses into FQDNs. DNS uses ports 20 and 21 and is used to move files UDP for DNS queries and TCP for zone from one computer to another. Port 20 is transfers. DNS is subject to poisoning and if used for the data stream, and transfers the misconfigured, can be solicited to perform a data between the client and the server. Port full zone transfer. 21 is the control stream, and is used to pass commands between the client and the FTP Trivial File Transfer Protocol (TFTP): server. Attacks on FTP target misconfigured TFTP operates on port 69, and is directory permissions and compromised or a connectionless version of FTP that uses sniffed clear text passwords. FTP is one of UDP to reduce overhead and reliability. It the most commonly hacked services. connectionless version of FTP that uses UDP to reduce overhead and reliability. It does
  • 4.
    so without TCPsession management or proved to be an example of weak authentication, which can pose a big encryption (i.e., many passwords encrypted security risk. It is used to transfer router with this system could be cracked in less configuration files and to configure cable than 1 second because of the way Microsoft modems. People hacking those cable stored the hashed passwords). modems are known as uncappers. An NTLM password is uppercase, padded to 14 characters, and divided into Hypertext Transfer Protocol (HTTP): seven character parts. The two hashed HTTP is a TCP service that operates on results are concatenated and stored as a port 80. HTTP helped make the Web the LAN Manager (LM) hash, which is stored in popular service that it is today. The HTTP the SAM. The session layer is also connection model is known as a stateless vulnerable to attacks such as session connection. HTTP uses a request response hijacking. Network Basic Input/output protocol where a client sends a request and System (NetBIOS) is another service located a server sends a response. Attacks that in this area of the stack. exploit HTTP can target the server, browser, NetBIOS was developed for IBM and or scripts that run on the browser. Nimda is adopted by Microsoft, and has become an an example of the code that targeted a Web industry standard. It allows applications on server. different systems to communicate through the LAN. On LANs, hosts using NetBIOS Simple Network Management Protocol systems identify themselves using a 15- (SNMP): character unique name. Since NetBIOS is SNMP is a UDP service that operates non-routable, Microsoft adapted it to run on ports 161 and 162, and was designed to over Transmission Control Protocol/Internet be an efficient and inexpensive way to Protocol (TCP/IP). monitor networks. The SNMP protocol NetBIOS is used in conjunction with allows agents to gather information (e.g., SMB, which allows for the remote access of network statistics) and report back to their shared directories and files. This key feature management stations. Some of the security of Windows makes file and print sharing problems that plague SNMP are caused by and the Network Neighborhood possible. It the fact that community strings are passed also introduced other potential as cleartext and the default community vulnerabilities into the stack by giving strings (public/private) are well known. attackers the ability to enumerate systems SNMP version 3 is the most current and and gather user names and accounts, and offers encryption for more robust security. share information. Almost every script kiddie and junior league hacker has The Session Layer: exploited the net use command. There is a weakness in the security controls at the presentation and session The Transport Layer: layers. Let’s look at the Windows NT The transport layer is common with LanMan (NTLM) authentication system. vulnerabilities, because it is the home of Originally developed for Windows systems UDP and TCP. Because UDP is and then revised for Windows NT post connectionless, it’s open for attackers to service pack 2 systems, this security control use for a host of denial of service (DoS)
  • 5.
    attacks. It’s alsoeasy to spoof and requires no confirmation.TCP is another used and abused protocol. Port scanning and TCP The Physical Layer: make the hacker trade possible. An attacker gaining access to the Before a hacker can launch an attack, telecommunications closet, an open port in he or she must know what is running and the conference room, or an unused office, what to target.TCP makes this possible. could be the foothold needed to breach the From illegal flag settings, NULL, and XMAS, network or, even worse, gain physical to more common synchronous (SYN) and access to a server or piece of equipment. reset (RST) scans, TCP helps attackers It’s a generally accepted fact that if identify services and operating systems. someone gains physical access to an item, they can control it. The Network Layer: At the network level are services such as IP and ICMP. IPv4 has no security services 3-Countermeasures built in, which is why Secure Internet Found in Each Layer: Protocol (IPSec) (a component of IPv6) was developed. Without IPSec, IP can be Security countermeasures are the targeted for many types of attacks (e.g., controls used to protect the confidentiality, DOS), abused through source routing, and integrity, and availability of data and tricked into zombie scanning “IPID Scan.” information systems. While ICMP was developed for diagnostics There is a wide array of security and to help with logical errors, it is also the controls available at every layer of the target of misuse. ICMP can be used to stack. Overall security can be greatly launch Smurf DoS attacks or can be enhanced by adding additional security subverted to become a covert channel with measures, removing unneeded services, programs such as Loki. hardening systems, and limiting access. The Data Link Layer: • Virus Scanners: Antivirus programs The dangers are real at the data link can use one or more techniques to layer. Conversion from logical to physical check files and applications for addressing must be done between the viruses. While virus programs didn’t network and data link layers. Address exist as a concept until 1984, they Resolution Protocol (ARP) resolves logical to are now a persistent and constant physical addresses. problem, which makes maintaining While critical for communication, it is antivirus software a requirement. also used by attackers to bypass switches These programs use a variety of and monitor traffic, which is known as ARP techniques to scan and detect poisoning. Even without ARP poisoning, viruses, including signature passive sniffing can be a powerful tool if the scanning, heuristic scanning, attacker positions himself or herself in the integrity checks, and activity right place on the network. blocking.
  • 6.
    Pretty Good Privacy (PGP): In 1991, • Secure Electronic Transmission Phil Zimmerman initially developed (SET): SET is a protocol standard that PGP as a free e-mail security was developed by MasterCard, VISA, application, which also made it and others to allow users to make possible to encrypt files and folders. secure transactions over the PGP works by using a public-private Internet. It features digital key system that uses the certificates and digital signatures, International Data Encryption and uses of Secure Sockets Layer Algorithm (IDEA) algorithm to (SSL). encrypt files and email messages. • Terminal Access Controller Access • Secure Multipurpose Internet Mail Control System (TACACS): Available Extensions (S/MIME): S/MME in several variations, including secures e-mail by using X.509 TACACS, Extended TACACS certificates for authentication. The (XTACACS), and TACACS+.TACACS is Public Key Cryptographic Standard is a centralized access control system used to provide encryption, and can that provides authentication, work in one of two modes: signed authorization, and auditing (AAA) and enveloped. Signing provides functions. integrity and authentication. • Kerberos: Kerberos is a network Enveloped provides confidentiality, authentication protocol created by authentication, and integrity. the Massachusetts Institute of • Privacy Enhanced Mail (PEM): PEM Technology (MIT) that uses secret- is an older e-mail security standard key cryptography and facilitates that provides encryption, single sign-on. Kerberos has three authentication, and X.509 parts: a client, a server, and a certificate-based key management. trusted third party to mediate • Secure Shell (SSH): SSH is a secure between them. application layer program with • SSL: Netscape Communications different security capabilities than Corp. initially developed SSL to FTP and Telnet. Like the two provide security and privacy aforementioned programs, SSH between clients and servers over the allows users to remotely log into Internet. It’s application- computers and access and move independent and can be used with files. The design of SSH means that HTTP, FTP, and Telnet. SSL uses no clear text usernames/passwords Rivest, Shamir, & Adleman (RSA) can be sent across the wire. All of public key cryptography and is the information flowing between capable of client authentication, the client and the server is server authentication, and encrypted, which means network encrypted SSL connection. security is greatly enhanced. Packets • Transport Layer Security (TLS): TLS can still be sniffed but the is similar to SSL in that it is information within the packets is application independent. It consists encrypted. of two sub layers: the TLS record
  • 7.
    protocol and theTLS handshake 128-bit keys. A 24-bit Initialization protocol. Vector (IV) is used to provide • Windows Sockets (SOCKS): SOCKS is randomness; therefore, the “real a security protocol developed and key” may be no more than 40 bits established by Internet standard RFC long. There have been many proven 1928. It allows client-server attacks based on the weaknesses of applications to work behind a WEP. firewall and utilize their security • Wi-Fi Protected Access (WPA): WPA features. was developed as a replacement for • IPSec: IPSec is the most widely used WEP. It delivers a more robust level standard for protecting IP of security.WPA uses Temporal Key datagram’s. Since IPSec can be Integrity Protocol (TKIP), which applied below the application layer, scrambles the keys using a hashing it can be used by any or all algorithm and adds an integrity- applications and is transparent to checking feature that verifies that end users. It can be used in channel the keys haven’t been tampered mode or transport mode. with. Next, WPA improves on WEP • Point-to-point Tunneling Protocol by increasing the IV from 24 bits to (PPTP): Developed by a group of 48 bits.WPA also prevents rollover vendors including Microsoft, 3Com, (i.e., key reuse is less likely to occur). and Ascend, PPTP is comprised of Finally, WPA uses a different secret two components: the transport that key for each packet. maintains the virtual connection and • Packet Filters: Packet filtering is the encryption that insures configured through access control confidentiality. PPTP is widely used lists (ACLs). ACL’s allow rule sets to for virtual private networks (VPNs). be built that will allow or block • Challenge Handshake traffic based on header information. Authentication Protocol (CHAP): As traffic passes through the router, CHAP is an improvement over each packet is compared to the rule previous authentication protocols set and a decision is made whether such as Password Authentication the packet will be permitted or Protocol (PAP) where passwords are denied. sent in clear text. CHAP uses a • Network Address Translation (NAT): predefined secret and a pseudo NAT can be used to translate random value that is used only once. between private and public This facilitates security because the addresses. PrivateIP addresses are value is not reused and the hash those considered non-routable (i.e., cannot be reversed-engineered. public Internet routers will not route • Wired Equivalent Privacy (WEP): traffic to or from addresses in these While not perfect, WEP attempts to ranges). add some measure of security to • Fiber Cable: The type of wireless networking. It is based on transmission media used can make a the RC4 symmetric encryption difference in security. Fiber is much standard and uses either 64-bit or more secure than wired alternatives
  • 8.
    and unsecured wirelesstransmission Authentication is the process of proving methods. your identity. Various authentication • Secure Coding: It is more cost- schemes have been developed over the effective to build secure code up years and can be divided into three broad front than to try and go back and fix categories: it later. Just making the change from • Something You Know Passwords C to a language such as .NET or • Something You Have Tokens, smart CSharp can have a big security cards, and certificates • Something You Are Biometrics impact. The drive for profits and the additional time that QA for security would introduce, causes many companies to not invest in secure code. 5- Defending the Data-Link Layer: 4-Defending the Protocol define at this layer provide security. Physical Layer: Ethernet LAN Security: There is no security protocol that will The Ethernet LAN has many security defend physical layer, but several natural weaknesses when facing attacks externally methods are utilized to perform our job. and internally. Security measures must be taken to ensure a secured environment for The security controls on physical layer communications ever the Ethernet LAN. The have three primary goals: following are some key risks in an Ethernet • Deter (Discourage): Two methods LAN: used to deter intruders are security lighting and “Beware of Dog” signs. • The primary weakness with Ethernet • Delay: Some of the techniques used is that it is a broadcast system. Every to delay an intruder include fences, message sent out by any computer gates, locks, access controls, and on an Ethernet LAN segment mantraps. reaches all parts of that segment • Detect: Two systems used to detect and potentially could be read by any intruders are intrusion detection computer on the segment. Sniffing systems (IDSes) and alarms. type programs can record, read and analyze all the messages on a Physical security focuses on intruders segment. Actually others can read and thieves. Some main concern to security your password and subsequently are follow: login to any account. They can also Identification and Authentication: change the information and forge Identification is the process of totally different messages. identifying yourself, and is commonly • Peer-to-Peer networking systems performed by entering a username. (both Windows and Macintosh
  • 9.
    AppleTalk) for Workgroupsallow snooper" is on one side of a bridge people on the network to share files or router they will not see any traffic and printers, which open up your passing between computers on the files to anyone using another other side of the filter. computer in the group. • Lan Security Architecture (LSA): a • Some applications, such as FTP proprietary technique where twisted program which allows you to get pair hubs inspect incoming files from and send files to another messages and will only transmit computer, may have an option in them unscrambled to the their configuration which allows destination computer. All other other computers to get into your computers on the hub receive computer and have access to your scrambled messages. files while the program is running. • It is relatively easy in an Ethernet Software Solutions for Ethernet LAN LAN to fake an Email message and Security other messages which purports to come from someone else. It is also • Encryption: Encrypting the data possible to fake a login session by passing between your computer and recording a legitimate one and its destination. There are many running the recording later on. encryption technologies and product available which effective protect There are many hardware and software information and data privacy. The solutions to address the above Ethernet popular encryption methods used LAN security issues: are PGP (Pretty Good Privacy). • Authentication: Use user name and Hardware Solutions for Ethernet LAN password to authenticate users. It is Security necessary to encrypt the password and implement timestamps making • Use a switched network: A switch forgery extremely difficult. can segregate a network into many • Combination technologies: Many parts which can effectively new technologies are available preventing snooping and sniffing on which doing both authentication a network. These switches also and encryption. One of such reduce network traffic by limiting technologies is Kerberos which uses messages to only the parts of the tokens, timestamps, tickets and network on which they are needed encryption to make transactions to improve the efficiency of the between computers secure. whole network. • Bridges and Routers: Bridges and routers are electronic filters which only pass a network message through themselves if the destination lies on the other side of VLAN: Virtual Local Area Network and IEEE the filter. Consequently if "the 802.1Q
  • 10.
    Virtual LAN (VLAN)refers to a group of Passwords logically networked devices on one or more Sensitive information LANs that are configured so that they can Information gathering communicate as if they were attached to • Broadcast Attacks the same wire, when in fact they are • Man-In-the-Middle (MIM) Attack: located on a number of different LAN Man-in-the-Middle (MIM) is a very common segments. Because VLANs are based on type of attack, in which an attacker inserts logical instead of physical connections, it is his computer between the communication very flexible for user/host management, paths of two target computers by Sniffs bandwidth allocation and resource packets from Network, modified them and optimization. then insert them back into the Network. • Denial of Services (DoS) Attack: There are the following types of Virtual A “Denial of Service (DoS)” attack is a flood LANs: of packets that consumes network resources and causes deadlock. 1. Port-Based VLAN: each physical • Session Hijacking: switch port is configured with an Session Hijacking is a process by which an access list specifying membership in attacker sees/ listen an active TCP a set of VLANs. connection between two other hosts and 2. MAC-based VLAN: a switch is then insert fake packets (in one or both configured with an access list directions) and takes control of the mapping individual MAC addresses connection. This method is similar to the to VLAN membership. MIM attack. 3. ATM VLAN - using LAN Emulation • Sniffing (Passwords, Sensitive (LANE) protocol to map Ethernet Information and Information packets into ATM cells and deliver Gathering): them to their destination by Sniffing is a process of monitoring all converting an Ethernet MAC address information or reading the packets that are into an ATM address. being transmitted on a network. An attacker can sniff network traffic and ARP: can also passively intercept network traffic. Address Resolution Protocol Then, through packet analysis, he might be Types of ARP Attacks: able to determine login IDs and passwords There are many ways an attacker can gain and collect other sensitive data. There are access or exploit your system. It is not so many tools available for Sniffing like important how attacker gain access into the Hunt, Sniffit, Ettercap, Snort and Dsniff. system. Once the intruder breaks into your system he can use it according to his way. They work as follows: Following are some types of attacks that a) Ethernet was built around a "shared" can be resulted from ARP Spoofing: principle: all machines on a local network • Man-in-the-Middle (MIM) share the same wire. • Denial of Services (DoS) b) This implies that all machines are able to • Session Hijacking "see" all the traffic on the same wire. • Sniffing
  • 11.
    c) Thus, Ethernethardware is built with a key security risks at the Network Layer "filter" that ignores all traffic that doesn't associated with the IP: belong to it. It does this by ignoring all frames whose MAC address doesn't match. • IP Spoofing: The intruder sends • Broadcast Attacks: messages to a host with an IP This technique is used to send a large address (not its own IP address) amount of ICMP echo request (Ping) traffic indicating that the message is to all known IP broadcast addresses with coming from a trusted host to gain the spoofed source address of the victim. un-authorized access to the host or other hosts. To engage in IP spoofing, a hacker must first use a Strategy to overcome the constraints: variety of techniques to find an IP address of a trusted host and then • Network Analyzer Tools and modify the packet headers so that it Sniffers: appears that the packets are coming It allows you to inspect network from that host. traffic at every level of the network stack in • Routing (RIP) attacks : Routing various degrees of detail. Information Protocol (RIP) is used to • Encryption: distribute routing information within Encryption is an effective way to networks, such as shortest-paths, defend against Sniffing and ARP Spoofing. and advertising routes out from the Encryption prevents any non-authorized local network. RIP has no built in party from reading or changing data. authentication, and the information • Intrusion Detection Systems (IDS): provided in a RIP packet is often IDS identify attacker’s attempts to used without verifying it attack or break into the network and • ICMP Attacks: ICMP is used by the IP misuse it. IDSs may monitor packets passing layer to send one-way informational over the network, monitor system files, messages to a host. There is no monitor log files, or set up deception authentication in ICMP, which leads systems that attempt to trap hackers. Port to attacks using ICMP that can result Scans and Denial-of-Service Attacks are an in a denial of service, or allowing the ongoing threat. attacker to intercept packets. Denial of service attacks primarily use either the ICMP "Time exceeded" or 6- Defending the Network Layer: "Destination unreachable" message. Both of these ICMP messages can Every layer of communication has its cause a host to immediately drop a own unique security challenges. The connection Network Layer is especially weak for many • PING Flood (ICMP Flood): PING is Denial of Service attacks and information one of the most common uses of privacy problems. The most popular ICMP which sends an ICMP "Echo protocol used in the network layer is IP Request" to a host, and waits for (Internet Protocol). The following are the that host to send back an ICMP "Echo Reply" message. Attacker
  • 12.
    simply sends ahuge number of connectionless integrity, data origin "ICMP Echo Requests" to the victim authentication, rejection of replayed to cause its system crash or slow packets (a form of partial sequence down. This is an easy attack because integrity), confidentiality (encryption), and many ping utilities support this limited traffic flow confidentiality. Because operation, and the hacker doesn't these services are provided at the IP layer, need much knowledge. they can be used by any higher layer • Packet Sniffing: Because most protocol, e.g., TCP, UDP, ICMP, BGP, etc. network applications distribute network packets in clear text, a These objectives are met through the use of packet sniffer can provide its user two traffic security protocols, the with meaningful and often sensitive Authentication Header (AH) and the information, such as user account Encapsulating Security Payload (ESP), and names and passwords. A packet through the use of cryptographic key sniffer can provide an attacker with management procedures and information that is queried from the protocols. The set of IPSec protocols database, as well as the user employed in any context, and the ways in account names and passwords used which they are employed, will be to access the database. This cause determined by the security and system serious information privacy requirements of users, applications, and/or problems as well as tools for crimes. sites/organizations. IPSec: Internet Protocol Security (IPSec) is a Protocol Structure: protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPSec provides security services at the network layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPSec can be used to protect one or more "paths" between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. The set of security services that IPSec can provide includes access control,
  • 13.
    7- Defending the providing endpoint authentication Transport Layer: and encryption. One faulty SSL client implementation Microsoft I Explorer, allows for transparent SSL The transport Layer is especially weak for attacks. SSL that would warn the the Denial of Service (DOS) attack or user about problems with the server Distributed Denial of Service (DDOS) attack. certificate. Two most popular protocols used in the • TCP Connecting Hijacking is also transport layer are TCP (Transmission known as Man-in-the-Middle attack. Control Protocol) and UDP (User Datagram With this attack, an attacker can Protocol). The following are the key security allow normal authentication to risks at the Transport Layer associated with proceed between the two hosts, and TCP and UDP: then seize control of the connection. There are two possible ways to do • TCP "SYN" attack is also known as this: one is during the TCP three-way SYN Flooding. It takes advantage of a handshake, and the other is in the flaw in how most hosts implement middle of an established connection. the TCP three-way handshake. • UDP Flood Attack: UDP is a When Host B receives the SYN connectionless protocol and it does request from A, it must keep track of not require any connection setup the partially opened connection in a procedure to transfer data. A UDP "listen queue" for at least 75 Flood Attack is possible when an seconds. Many implementations can attacker sends a UDP packet to a only keep track of a very limited random port on the victim system. number of connections. A malicious When the victim system receives a host can exploit the small size of the UDP packet, it will determine what listen queue by sending multiple application is waiting on the SYN requests to a host, but never destination port. When it realizes replying to the SYN&ACK the other that there is no application that is host sends back. By doing so, the waiting on the port, it will generate other host's listen queue is quickly an ICMP packet of destination filled up, and it will stop accepting unreachable to the forged source new connections, until a partially address. If enough UDP packets are opened connection in the queue is delivered to ports on victim, the completed or times out. This ability system will go down. of removing a host from the network for at least 75 seconds can The three-way handshake: in Transmission be used as a denial-of-service attack, or it can be used as a tool to Control Protocol is the method used to implement other attacks, like IP establish and tear down network Spoofing. • SSL Man-in-the-Middle Attacks: connections. This handshaking technique is SSL/TLS was supposed to mitigate referred to as the 3-way handshake or as that risk for web transactions by
  • 14.
    "SYN-SYN-ACK" (or moreaccurately SYN, store sensitive data such as medical SYN-ACK, ACK). The TCP handshaking information, or collect confidential mechanism is designed so that two information from the users on the network, computers attempting to communicate can and can also be used by other businesses negotiate the parameters of the network that want to secure network connections connection before beginning between the client and the server. communication. Transport Layer Security involves the use of • Host A sends a TCP SYNchronize an encryption system which utilizes a digital packet to Host B certificate which is formulated to identify • Host B receives A's SYN • Host B sends a SYNchronize- the network owner, as well as create public ACKnowledgement keys that are used to encrypt • Host A receives B's SYN-ACK • Host A sends ACKnowledge communications over the network. The • Host B receives ACK. TCP connection certificate is installed on the portion of the is ESTABLISHED. server that requires encryption. When the client logs onto the network, a Transport Layer Security: message is sent to the server that identifies Transport Layer Security provides a way for the client. The server will then return a you to create a secure network connection message and list the cryptographic methods between a client and a server by encrypting that are to be used for communication to the connection between both entities. ensure the client and the server are Transport Layer Security is similar to communicating in the same language. Security Socket Layers because both • Different Types of Transport Layer protocols provide security for applications Security such as email, Instant Messaging, Web There are several different types of browsing, VoIP (Voice over Internet Transport Layer Security depending upon Protocol). the encryption requirements for the Transport Layer Security is used within organization. organizations that use payment processes,
  • 15.
    • Web Server Transport Layer 8- Defending the Security: This type of encryption Session Layer: protects the data when the client connects to the Internet to send data through a Web browser or Protocols that assist it are discussed. website. The TLS encryption provides a secure Web server and NetBIOS: prevents the data from being NetBIOS is a protocol that Microsoft intercepted by an unauthorized Windows systems use to share user. resources. For example, if a PC • Email Server Transport Layer running Windows wants to connect Security: To secure to and access a share on a file communications between the server, it probably uses NetBIOS. email client and the server, a SMB, the method used to access file digital certificate is installed on and printer shares, can also run the email server to provide encrypted communications when independently of NetBIOS over TCP sending and receiving confidential ports 139 and 445. Both of these information via email. approaches, however, tend to increase the attack surface of a • Virtual Private Network Security: network. Transport Layer Security works to secure a virtual private network The ports that we’d have to open to appliance by installing a digital certificate on the VPN appliance the Internet are UDP/137, UDP/138, that provides an encrypted and TCP/139. Unfortunately, the connection between the remote most popular attacker target is user and the network that they NetBIOS and against these ports. are accessing. Once an attacker discovers an active • Database and Directory Security: Organizations deploy Transport port 139 on a device, he can run Layer Security to encrypt server NBSTAT to begin the very important queries for databases and first step of an attack—foot printing. directories that contain sensitive With the NBSTAT command, he can data and information obtain some or all of the following information: • Computer name • Contents of the remote name cache, including IP addresses
  • 16.
    A list of local NetBIOS names o Perform malware scanning • A list of names resolved by on end user stations after broadcast or via WINS decryption. o Use message content • Contents of the session table scanners specifically with the destination IP designed to check the addresses content of encrypted. Defending against external NetBIOS connections 10-Defending the • Disabling the system’s ability to Application Layer: support null sessions • Defining very strong passwords for the local administrator accounts 1. SMTP: Simple Mail Transfer Protocol • Defining very strong passwords for shares, assuming you absolutely Simple Mail Transfer Protocol (SMTP) is a have to have shares on exposed protocol designed to transfer electronic systems mail reliably and efficiently. SMTP is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification 9-Defending the regarding incoming mail. Presentation Layer: SMTP is independent of the particular transmission subsystem and requires only a S/MIME security: reliable ordered data stream channel. An important feature of SMTP is its capability S/MIME support is one of Outlook's to transport mail across networks, usually unheralded important features. It gives you referred to as "SMTP mail relaying". Using end-to-end protection: SMTP, a process can transfer mail to another process on the same network or to • S/MIME is tailored for end to end some other network via a relay or gateway security. Encryption will not only process accessible to both networks. encrypt your messages, but also malware. Thus if your mail is In this way, a mail message may pass scanned for malware anywhere but through a number of intermediate relay or at the end points, such as your gateway hosts on its path from sender to company's gateway, encryption will ultimate recipient. The Mail eXchanger defeat the detector and successfully mechanisms of the domain name system deliver the malware. Solutions: are used to identify the appropriate next- hop destination for a message being transported.
  • 17.
    Security: node that contains an SNMP agent and that resides on a managed network. Managed One of the ways to restrict access to devices collect and store management an outgoing mail server is to verify information and make this information that the computer is on the ISP's available to NMSs using SNMP. Managed local network. When you dial your devices, sometimes called network modem and connect to your ISP, elements, can be routers and access your computer is given an IP address servers, switches and bridges, hubs, that identifies you as being a part of computer hosts, or printers. An agent is a that ISP's network. If you have two network management software module ISPs and dial up to one and then that resides in a managed device. An agent connect to the other's mail server, it has local knowledge of management may prevent you from relaying mail information and translates that information because your computer is not into a form compatible with SNMP. An NMS identified as being on the local executes applications that monitor and network for the provider whose mail control managed devices. server you are sending through. In this case, you should try to use the • SNMP v1 Basic Operations and SMTP server for the provider you Features have used to dial up and connect to • SNMP v2 Additional Operations the Internet. • SNMP v3 Security Enhancement Why Security is Important in SNMP: 2. SNMP: Simple Network Management Protocol The need for security in SNMP is obvious because the MIB objects being Simple Network Management Protocol communicated contain critical information (SNMP) is the protocol developed to about network devices. We don't want just manage nodes (servers, workstations, anyone “snooping” into our network to find routers, switches and hubs etc.) on an IP out our IP addresses, or how long our network. SNMP enables network machines have been running, or whether administrators to manage network our links are down, or pretty much anything performance, find and solve network else. problems, and plan for network growth. Network management systems learn of 3. DHCP problems by receiving traps or change notices from network devices implementing DHCP spoofing SNMP. DHCP spoofing is a type of attack on DHCP An SNMP managed network consists of server to obtain IP addresses using spoofed three key components: managed devices, DHCP messages. In the cases where the agents, and network-management systems DHCP server is on a remote network, and an (NMSs). A managed device is a network IP address is required to access the
  • 18.
    network, but sincethe DHCP server supplies when requesting a DHCP IP address and the IP address, the requester is at an thus is not able to access the network. impasse. To supply access to the network, DHCP starvation may be purely a denial of when the Pipeline receives a DHCP Discover service (DoS) mechanism or may be used in packet (a request for an IP address from a conjunction with a malicious rogue server PC on the network), it responds with a attack to redirect traffic to a malicious DHCP Offer packet containing the computer ready to intercept traffic. configured (spoofed) IP address and a renewal time, which is set to a few seconds. When the normal DHCP server is down, the The requester then has access to the DHCP network attacker can then set up a rogue server and gets a real IP address. (Other DHCP server on his or her system and variations exist in environments where the respond to new DHCP requests from clients APP server utility is running.) on the network. An intruder may issue an address with DNS server information or DHCP Starvation default gateway information that redirects traffic to a computer under the control of A DHCP starvation attack works by the intruder. broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with DHCP Starvation Attack Mitigation attack tools such as gobbler. If enough requests are sent, the network attacker can By limiting the number of MAC addresses exhaust the address space available to the on a switch port will reduce the risk of DHCP servers for a period of time. This is a DHCP starvation attack. When more simple resource starvation attack just like a systems implement the RFC 3118, SYN flood is a starvation attack. The Authentication for DHCP Messages, DHCP network attacker can then set up a rogue starvation attacks will become more DHCP server on his or her system and difficulty. respond to new DHCP requests from clients on the network. Exhausting all of the DHCP Adding Security to DHCP addresses is not required to introduce a rogue DHCP server, though. Since DHCP runs over UDP and IP, one could use IPSec at layer three to provide authentication. DHCP Starvation Attack DHCP starvation attack works by 4. FTP: File Transfer Protocol broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with File Transfer Protocol (FTP) enables file attack tools such as gobbler. If enough sharing between hosts. FTP uses TCP to requests are sent, the network attacker can create a virtual connection for control exhaust the address space available to the information and then creates a separate DHCP servers for a period of time. TCP connection for data transfers. The Subsequently, a legitimate user is denied control connection uses an image of the
  • 19.
    TELNET protocol toexchange commands sensitive information should be and messages between hosts. transferred with SFTP . The key functions of FTP are: 1) To promote sharing of files (computer programs and/or data), S-FTP, or Secure FTP, S/FTP 2) To encourage indirect or implicit (via programs) use of remote computers, Secure FTP (S-FTP or S/FTP) is the enhanced version of the File Transfer Protocol (FTP) 3) To shield a user from variations in file with security features. Mainly, S-FTP adds storage systems among hosts, and encryption to the FTP contents which is send in clear text in the original FTP version. 4) To transfer data reliably and efficiently. S-FTP is available on almost all operating FTP, though usable directly by a user at a systems including Windows, UNIX, and terminal, is designed mainly for use by Macintosh. programs. 5. Hypertext Transfer Protocol Secure FTP has little security protection when (HTTPS) performing file transfer: both user password and the data are exposed to HTTP is a combination of the Hypertext public. To make the file transfer more Transfer Protocol with the SSL/TLS secure, some enhancements have been protocol to provide encryption and made on the FTP, including SFTP SSH secure (website security testing) protected FTP and BBFTP. identification of the server. • The data that is transferred, it should only be used to transfer small S-HTTP: Secure Hypertext Transfer (1-10KB) files containing sensitive Protocol data. Large files that do not contain sensitive information should be Secure HTTP (S-HTTP) is a secure message- transferred via a method that does oriented communications protocol not encrypt data. designed for use in conjunction with HTTP. S-HTTP is designed to coexist with HTTP's • SSH protected FTP: This transfer messaging model and to be easily method encrypts the password integrated with HTTP applications. information but does NOT encrypt the data being transferred. As a Secure HTTP provides a variety of security result, it should only be used to mechanisms to HTTP clients and servers, transfer large (and small) files that providing the security service options do NOT contain sensitive appropriate to the wide range of potential information. File that contains end uses possible for the World-Wide Web (WWW). S-HTTP provides symmetric
  • 20.
    capabilities to bothclient and server (in that equal treatment is given to both requests and replies, as well as for the preferences of both parties) while preserving the transaction model and implementation characteristics of HTTP. 11- References: • Web Sites • http://www.infosecwriters.com • http://www.javvin.com • http://www.spamlaws.com • http://www.inetdaemon.com • http://blogs.techrepublic.com.com • http://en.wikipedia.org • Books • Hack The Stack • Network Management Fundamental • Network Security Essential