CISSP - 7 Telecommunications & Network Security
Telecommunications and Network Security
OSI Reference Model
OSI
PDU by layer (figure): Data (Application, Presentation, Session), Segment (Transport), Packet (Network), Frame (Data Link), Bits (Physical)
OSI model
7 layers
A P S T N D P: All People Seem To Need Data Processing
OSI
Before we talk about network equipment we need to discuss the OSI framework briefly.
The OSI is a model of how network
layer.
Originally used in LANs:
10Base2 (thinnet) RG-58
10Base5 (thicknet) RG-8
Now used for WAN access: RG-6 or RG-59
Shielded and Unshielded twisted pair
CAT3 10 Mbps
CAT5 100 Mbps
CAT 5e/CAT 6 1000 Mbps
Bus
No central point of connection
Difficult to troubleshoot
One break in cable takes down the whole network
Ring
No central point of connection
Often implemented with a MAU for fault tolerance
Star
Mesh
Modem
Modulator/Demodulator
Converts digital signal to analog and back
Threats:
Theft
Unauthorized Access
Vandalism
Sniffing
Interference
Data Emanation
CSMA/CD
Supports full duplex with a switch
Defined by IEEE 802.3
ARP
Collision Domain
Switch
A network switch is just a multi-port bridge. Switches will often have 24 or more ports, and learn which MAC addresses are on which ports.
Works at layer 2 (data link)
On a switch a computer can send data AND
Switch
A switch does not alter broadcast domains
A switch only sends traffic from the
Switch
Ping Floods, Pings of Death, Loki, Smurf
ICMP
ICMP: IP helper protocol
Protocol behind echoing utilities like PING and Traceroute
Frequently exploited
LOKI: sending data in ICMP messages (covert channel)
Ping of Death: violates the MTU (maximum transmission unit) size
Ping Floods: lots of ping traffic
SMURF: uses a spoofed source address (the target) and directed broadcasts to launch a DDoS
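Added example (not from the original slides): detection logic for the three ICMP abuse patterns above, run over constructed flow records; the record format, the 10.0.0.0/24 local network and the flood threshold are assumptions.

```python
import ipaddress
from collections import Counter

MAX_IP_DATAGRAM = 65535        # an IP datagram can never legitimately exceed this size

# Constructed flow records (not real captures): one ICMP datagram per line,
# "len" being the reassembled datagram length as a reassembler would report it.
RECORDS = """\
src=10.0.0.7 dst=10.0.0.1 type=8 len=84
src=10.0.0.7 dst=10.0.0.1 type=8 len=84
src=10.0.0.7 dst=10.0.0.1 type=8 len=84
src=10.0.0.7 dst=10.0.0.1 type=8 len=84
src=198.51.100.9 dst=10.0.0.1 type=8 len=65536
src=10.0.0.1 dst=10.0.0.255 type=8 len=84
src=10.0.0.1 dst=10.0.0.7 type=0 len=84
"""

def parse(line):
    """Split a 'key=value key=value' record into a dict with typed fields."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"src": f["src"], "dst": f["dst"], "type": int(f["type"]), "len": int(f["len"])}

def detect(text, local_net="10.0.0.0/24", flood_threshold=4):
    """Return a list of (pattern, src, dst) findings over the records."""
    net = ipaddress.ip_network(local_net)
    findings, echo_count = [], Counter()
    for rec in map(parse, text.splitlines()):
        src, dst, typ, length = rec["src"], rec["dst"], rec["type"], rec["len"]
        if length > MAX_IP_DATAGRAM:            # Ping of Death: oversized datagram
            findings.append(("ping-of-death", src, dst))
        if typ == 8 and ipaddress.ip_address(dst) == net.broadcast_address:
            # Smurf: echo request to a directed broadcast; src is the (spoofed) victim
            findings.append(("smurf-directed-broadcast", src, dst))
        if typ == 8:                            # type 8 = echo request
            echo_count[(src, dst)] += 1
    for (src, dst), n in echo_count.items():   # Ping flood: many echo requests, one pair
        if n >= flood_threshold:
            findings.append(("ping-flood", src, dst))
    return findings
```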
TCP
UDP
Advantages
Easier to program with
Truly implements a session
Adds security
Disadvantages
More overhead / slower
SYN Floods
TCP
Reliable connection-oriented protocol
Has a guaranteed delivery based on the handshake process
1. SYN
2. SYN/ACK
3. ACK
is essential
Media Streaming, Gaming, real-time chat, etc.
FTP uses TCP
TFTP uses UDP
formatting
File level encryption
Removing redundancy from files (compression)
etc.
Application Proxies
Non-Repudiation
Certificates
Integration with Directory Services
Time awareness.
TCP/IP Model
OSI vs. TCP/IP model
Host to Host or Transport
Network Access or Network Interface
Threats to Network Security
Common Attacks
Data Diddling: Altering/manipulating data, usually before entry
Sniffing: Capturing and viewing packets through the use of a protocol analyzer. Best defense: encryption
Session Hijacking: Where an attacker steps in between two hosts and either monitors the exchange, or often disconnects one. Session hijacks are types of Man-in-the-Middle attacks. Encryption prevents sniffing and mutual authentication would prevent a session hijack
attacker tries to find the phone number that accepts incoming calls. RAS should be set to use caller ID (can be spoofed), callback (best), and configured so that the modem does not answer until after 4 calls.
DoS Denial of Service: The purpose of these attacks is to overwhelm a system and disrupt its availability
DDoS Distributed Denial of Service: Characterized by the use of control machines (handlers) and zombies (bots). An attacker uploads software to the control machines, which in turn commandeer unsuspecting machines to perform an attack on the victim. The idea is that if one machine initiating a denial of service attack is effective, then having many machines perform the attack is more so.
Ping of Death: Sending a ping packet that violates the Maximum Transmission Unit (MTU) size: a very large ping packet.
Ping Flooding: Overwhelming a system with a multitude of pings.
Firewalls
Packet filter: uses Access Control Lists (ACLs),
Packet Filter
Packet filters keep no state*
Each packet is evaluated on its own
Stateful firewall/router keeps track of connections in a table. It
Dynamic packet filtering
I believe the author is confused about this topic
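Added example (not from the original slides) contrasting the two filter types above: a stateless ACL that must leave a hole open for replies, beside a stateful filter whose connection table admits only replies to connections an inside host opened. The 10.0.0.0/8 inside network and the packets are constructed.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10."      # constructed: the protected network is 10.0.0.0/8

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str             # "SYN", "SYN/ACK" or "ACK"

def inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

def stateless_allow(pkt: Pkt) -> bool:
    """Static ACL: each packet is judged on its own, with no memory of earlier packets."""
    if inside(pkt.src) and pkt.dport == 80:
        return True                                  # outbound web request
    if not inside(pkt.src) and pkt.sport == 80 and pkt.dport > 1023:
        return True                                  # meant for replies, but any outside host can send this
    return False

class StatefulFilter:
    """Keeps a connection table; inbound packets get in only if they match an entry."""
    def __init__(self):
        self.conns = set()   # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt: Pkt) -> bool:
        if inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key in self.conns:
                return True                          # part of a known connection
            if pkt.dport == 80 and pkt.flags == "SYN":
                self.conns.add(key)                  # only a SYN may open a new entry
                return True
            return False
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conns   # reversed tuple

def compare():
    """Run three packets through both filters; returns {name: (stateless, stateful)}."""
    fw = StatefulFilter()
    pkts = {
        "syn":    Pkt("10.0.0.1", 10000, "130.85.1.3", 80, "SYN"),       # client opens to web server
        "synack": Pkt("130.85.1.3", 80, "10.0.0.1", 10000, "SYN/ACK"),   # legitimate reply
        "forged": Pkt("198.51.100.9", 80, "10.0.0.5", 4444, "SYN"),      # unsolicited, source port 80
    }
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in pkts.items()}
```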
Proxy firewalls
Two types of proxies
Circuit level*
Application*
Circuit Level Proxy
A middleman.
A proxy takes client information and
Circuit Level Proxies
Main purpose is to hide the internal network and stop direct communications between external machines and internal machines.
Advantages
Fairly simple
Works with all network protocols
Hides internal network addresses
When used with a firewall, stops people from directly starting conversations with internal hosts, while still allowing internal hosts to communicate with the Internet
Disadvantages
A single point of failure and performance issues
Does not analyze data, so it does not protect from dangerous data
Cannot protect against violations in the protocol or bad data being passed around
Application Proxies
Advantages
Application proxies understand the protocol, so they can
Disadvantages
Extra processing requires extra CPU (slower)
Proxies ONLY understand the protocols they were written
Security Zones
It is common practice in network and physical security to group different security levels into different areas or zones. Each zone is either more or less trusted than the other zones. Interfaces between zones have some type of access control to restrict movement between zones (like biometric and guard stations, or firewalls). In network security there is often a median zone between the Internet and the internal network called a DMZ.
DMZ
A buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two.
Internet accessible servers (bastion
DMZ
DMZ architectures
Multi-homed Firewall
Screened Subnet
Multi-homed firewall
Screened Subnet
In a screened subnet, there is a separate firewall on both sides of the DMZ. When using this model it is recommended that each firewall be a different vendor/product.
Diversity of defense*
Screened Subnet
NAT/PAT
A proxy that works without special software and is transparent to the end users.
Remaps IP addresses, allowing you to use private addresses internally and map them to public IP addresses
NAT allows a one-to-one mapping of IP addresses
PAT allows multiple private addresses to share one public address
NAT
Computer 10.0.0.1 sends a packet to 175.56.28.3
Router grabs the packet, notices it is NOT addressed to itself.
NAT
Client computer creates packet
SRC: 10.0.0.1:TCP:10000
DEST: 130.85.1.3:TCP:80
NAT/PAT difference
NAT ONLY looks at and rewrites the IP addresses*.
NAT requires 1 public IP for each computer that
NAT/PAT
Advantages
Allows you to use private addresses internally,
Disadvantages
Single Point of Failure / Performance Bottleneck
Doesn't protect from bad content
RFC 1918
10.x.x.x
172.16.x.x-172.31.x.x
192.168.x.x
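Added example (not from the original slides) working the PAT slides and the RFC 1918 list together: the slide's packet (SRC 10.0.0.1:TCP:10000, DEST 130.85.1.3:TCP:80) is rewritten to one shared public address, a second private host using the same source port gets a distinct public port, and an inbound packet with no table entry is dropped. The public address 203.0.113.5 and the port range are constructed.

```python
import ipaddress
from dataclasses import dataclass

# The three RFC 1918 ranges listed on the slide.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip: str) -> bool:
    """True if the address must be translated before it can cross the Internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatRouter:
    """PAT: many private hosts share ONE public address; the source port tells flows apart."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # public port -> (private ip, private port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port)
        for pub_port, entry in self.table.items():
            if entry == key:                     # existing flow: reuse its public port
                return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = key               # new flow: allocate the next public port
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Reply from the Internet: translated only if a table entry matches, else None (dropped)."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

def demo():
    """The slide's packet, a second host on the same private port, a reply and a stray packet."""
    nat = PatRouter("203.0.113.5")               # constructed public address (documentation range)
    out1 = nat.outbound(Packet("10.0.0.1", 10000, "130.85.1.3", 80))
    out2 = nat.outbound(Packet("192.168.1.7", 10000, "130.85.1.3", 80))
    reply = nat.inbound(Packet("130.85.1.3", 80, nat.public_ip, out1.src_port))
    stray = nat.inbound(Packet("198.51.100.9", 4444, nat.public_ip, 40002))
    return out1, out2, reply, stray
```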
Overall Firewall issues
Potential bottleneck
Can restrict valid access
Often misconfigured
Except for application proxies
Enable logging
Drop fragments or re-assemble fragments
WAN Technology
LAN, WAN, MAN
LAN: local area network
High speed
Small physical area
Circuit Switching
Attacks*
War dialing
Defenses*
Dial Back / Caller ID restrictions
Use authentication
Answer after 4 or more rings (why: war dialing)
Use a different numbering convention for RAS
ISDN
Uses same lines as phone lines; directly dial into company or ISP
BRI
2 B Channels (64 Kbit/s x 2)
1 D Channel (control channel), out of band
PRI
23 B Channels
1 D Channel
Not for personal use
ADSL
MUCH faster than ISDN (6-30 times faster)
Must live very close to the DSL equipment
Symmetric and Asymmetric
Always on (security concerns)
Doesn't connect directly to company; use VPN
Packet Switching
MPLS (Multi-Protocol Label Switching)
MPLS
used to create cost effective, private Wide
MPLS
VoIP: Voice over IP
Converts analog to digital
VoIP Security Issues
Eavesdropping (greatest threat)
Enable SRTP
Toll Fraud
Vishing
SPIT
Performance Issues
Latency
Jitter
Remote Access Protocols
Dial-up
PPP Point to Point Protocol: Provides Layer 2
Tunneling
A function of VPNs. A tunnel encapsulates one protocol within another protocol to create a virtual network.
Can encrypt original IP headers
Can encrypt data
Allows for routing non-routable protocols and IP addresses
Can provide remote/internal IP addresses
VPN protocols
Different protocols
PPTP
L2TP
IPsec
PPTP
Point to Point Tunneling Protocol
Based on PPP (uses MPPE for encryption and PAP, CHAP or EAP for authentication)
Microsoft-led protocol for a tunneling VPN
Only works across IP networks
Remote user connects to ISP, gets an Internet address
Establishes VPN connection to work VPN server, gets internal IP address.
Sends private IP packets encrypted within other IP packets.
L2TP
Layer 2 Tunneling Protocol
Cisco designed L2F to break free of
Wireless
802.11b
11 Mbps
2.4 GHz (same as other home devices)
802.11g
54 Mbps
2.4 GHz
WPA2
802.11n
100 Mbps
2.4 GHz or 5 GHz
Airsnarfing (wireless MitM)
Diagram: Wireless AP, Wireless User, Attacker
Encryption protocols
WEP
Shared authentication passwords
Weak IV (24 bits)
IV transmitted in clear text
RC4 (stream cipher)
Easily crackable
Only option for 802.11b
WPA
Stronger IV
Introduced TKIP
Still used RC4
Bluetooth
Bluetooth is a Personal Area Network protocol designed to free devices from physical wires.
Bluetooth Modes
Discovery Mode
Automatic Pairing
Bluetooth Attacks
Bluejacking
Sending spam to nearby Bluetooth devices
Bluesnarfing
Copies information off of remote devices
Bluebugging
More serious
Allows full use of the phone
Allows one to make calls
Can eavesdrop on calls
WAP
Wireless Application Protocol: a protocol developed mainly to allow wireless devices (cell phones) access to the Internet.
Requires a gateway to translate WAP <-> HTML (see visual)
Uses WTLS to encrypt data (modified version of TLS)
Uses HMAC for message authentication
WAP GAP* problem (see visual and explain)
A lot of wireless devices don't need WAP anymore.
WAP
WAP GAP
As the gateway decrypts from WTLS and encrypts as SSL/TLS, the data is plaintext. If someone could access the gateway, they could capture the communications.