Internet Systems Architecture TMG 5372

About This Presentation

Title:

Internet Systems Architecture TMG 5372

Description:

This allows you to create/delete directories, get files and put files. Architectural Model ... are .us (United States), .fr (France) and .uk (United Kingdom) ... – PowerPoint PPT presentation

Number of Views:432

Avg rating:3.0/5.0

Slides: 239

Provided by: zipl

Category:

more less

Transcript and Presenter's Notes

Title: Internet Systems Architecture TMG 5372

1
Internet Systems ArchitectureTMG 5372

Brian Ford
brianpford_at_yahoo.com

2
How The Internet Works

By Preston Gralla
Que publishing
ISBN 0-7897-2582-7

3
What is the Internet ?

Collection of thousands of cooperating computer
networks and organizations
Not organized by any central committee
Standards based IAB - Internet Activities
Board, IETF Internet Engineering Task Force
W3C World Wide Web Consortium industry
consortium run by the Laboratory for computer
Science at MIT

4
How the Internet comes together

Funding through the National Science Foundation
(NSF) the federal government pays for some of the
high speed backbones that carry internet traffic
across the country and around the world
Registrars companies that register Internet
domain names InterNIC had sole responsibility
for doing this, now other companies can register
internet domains. These companies register the
mappings between domain names and IP addresses.

vBNS Backbone very high speed backbone network
service. Todays backbone technology that operates
at 155 Mbits / sec.
Internet2 a new higher speed backbone being
funded by the government. When finished in 2003
this network will link 140 universities. Data
transfer rates will be at 2.4 Gigabits / sec.
Internet Service providers Companies that
provide connections to the internet to the
general public. ISPs provide connections to the
internet via dialup, DSL or cable modems

NAP network access point major carriers of
internet traffic connect to the internet backbone
through network access points

7
How computers communicate across the internet

The internet is a packet switched network. Data
to be transmitted is broken up into smaller data
packets that are transmitted one at a time.
TCP/IP Transmission Control Protocol / Internet
Protocol. TCP/IP is the transmission protocol for
all traffic on the internet
Internet Protocol responsible for ensuring that
packets are sent to the right destination.
Packets have IP headers that contain the source
and destination IP addresses of the packet.
Packets also contain the data being transmitted

Transmission Control Protocol higher level
protocol that is responsible for breaking the
data into packets and reassembling it at the
other end. TCP uses IP to transmit the packets.
TCP handles the error correction and
retransmission of lost or damaged packets
FTP file transfer protocol. Protocol built on
top of TCP/IP that is used to transfer files. FTP
tools provide a client-server mechanism that
interfaces to the files and directories on a
remote machine. This allows you to create/delete
directories, get files and put files.

9
Architectural Model

TCP/IP networking software is modeled in layers.
This layout is called a protocol stack or TCP/IP
stack. Each layer is independent of the
implementation of the other layers.
Network interface and hardware layer also
called the link layer or data link layer. This
layer provides the physical hardware to
interconnect computers. This interconnect may be
serial line, Ethernet or wireless interconnects.

Internetwork layer typically uses internet
protocol to transmit packets. This indicates the
use of internet addresses to address machines on
the network. This layer is connectionless and
does not provide flow control, reliability or
error recovery. These are provided by upper
layers.
Transport layer typically TCP or UDP (User
Datagram Protocol) that provide the dissambly of
data into packets and reassembly of packets into
data at the receiving end. TCP provides error
detection and recovery (via retransmissions), UDP
relies on the upper layers to provide error
detection and recovery.

11
Application Layer

Applications that cooperate with a counterpart on
another host. This is typically in a
client-server model. Example applications are
File Transfer Protocol FTP, TELNET used to
login to remote computers, Simple Mail Transfer
Protocol SMTP.

12
FTP

FTP File Transfer Protocol a protocol for
transferring file to and from a remote host
A client application that connects to a FTP
server on a remote host. The FTP client allows
you to send files, receive files, delete files,
create and remove directories on the remote host.
There are graphical and command line versions of
the FTP client. FTP is standard on most systems.
You can download graphical FTP clients such as
WSFtp.

13
Telnet

Client server tools that allow you login to a
remote machine and execute text based commands as
if you were on the remote machine. Graphical
tools can be run on the remote host and the
display can be shown on the local host using X
based tools and an X server on the local machine.

14
HTTP

Hyper Text Transfer Protocol
Client server model
User to view HTML or other content provided by
Web servers
Client side is typically a browser, Netscape,
NCSA Mosaic, Internet Explorer. Lynx is a text
based browser.
Server is a Web Server, typically Apache or
Microsoft IIS

15
IP Addressing

IP addresses are 32 bit numbers represented in
dotted decimal form. This is the form of four
eight bit values separated by dots. Each host on
the Internet has a unique internet address.
The standards for IP addresses are described in
RFC 1166 Internet numbers
IP addresses are composed of a network and host
part. The first bits of the IP address specify
how the rest of the IP address should be broken
down into its network and host portions.

16
Five Classes of IP addresses

Class A first bit is 0, 7 bits for network
address gt 126 possible networks, 24 bits for the
host number gt 16,777,214 hosts on each network.
Class B first two bits are 10, 14 bits for the
network number gt 16382 networks, 16 bits for the
host number gt 65534 hosts
Class C first three bits are 110, 21 bits for
the network number gt 2,097,150, 8 for the host
gt 254 hosts

17
Five Classes of IP addresses

Class D first four bits are 1110 gt These
addresses are reserved for multicast
Class E first four bits are 1111 gt These
addresses are reserved for future use.

18
Subnets

To accommodate the growth of IP addresses in use
the concept of subnetting was developed.
The host portion of the IP address is split again
into a network number and a host number. The
second network is termed a subnet. The IP address
is now interpreted as
ltnetwork numbergtltsubnet numbergtlthost numbergt
A subnet mask is used to indicate how much of the
host address is allocated to the subnet number
and host number.

19
IP Header

IP packet header
http//www.erg.abdn.ac.uk/users/gorry/course/inet-
pages/ip-packet.html

20
Special IP addresses

Any component of an IP address that is either all
zeroes or all ones has a special meaning.
All zeroes means this network. This is commonly
used when requesting IP addresses from a server
All ones means all addresses. This is used in
broadcast messages.
127.X.X.X loopback address. Anything sent to an
address where 127 is the high byte is a loopback
request.

21
Private Internets

Special IP addresses are reserved for private
networks. Networks that are entirely inside an
organization and do not require addresses on the
internet. The addresses available for private
internets and how to use them are defined in RFC
1918. These addresses are
10.X.X.X a single class A network
172.16 through 172.31 16 contiguous class B
networks
192.168.0 through 192.168.255 256 contiguous
class C networks.

22
Private Internets

Private internets will typically connect to the
internet through a firewall / router.
Private internets will use NAT network Address
Translation to communicate with the internet.
The use of private internets reduces the need for
additional addresses on the internet and slows
the consumption of addresses.

23
Ports

A port is a 16-bit number (the allowed range
being 1 through 65535) used by the TCP and UDP
protocols at the transport layer.
Ports are used to address applications (services)
that run on a computer. The operating system uses
the port number to route packets to the intended
application.

24
NAT Network Address Translation - Outgoing

Router software rewrites the IP header source
address to its own address
Router software rewrites the source port to a new
port number generated by the router.
The router maintains a table of the mappings
between the generated port numbers and their
corresponding original source address and
original source port.

25
NAT Incoming / response

Router receives an incoming packet. The
destination address is the routers address.
Router looks at the IP header of the packet and
gets the destination port number.
Router looks up the destination port number in
its table to determine the original destination
address and original destination port.
Router rewrites the IP header destination address
and destination port number with the original
source address and original source port number
determined from the destination port number
lookup.

26
Static and Dynamic IP Addresses

When you connect to the internet your host must
be identified by an IP address.
IP addresses can be either static or dynamic
Static your computer keeps the same address all
the time
Dynamic IP addresses that are assigned every
time that you connect to the internet

27
Dynamic Addresses - DHCP

DHCP Dynamic Host Configuration Protocol
DHCP is commonly used to assign IP addresses on
Private networks
These networks may be a subnet at work that needs
access to the internet but all the machines are
behind a firewall and dont need IP addresses
that are on the internet, so private IP addresses
are used
DHCP is typically used by your ISP to give you an
IP address on one of its private networks

28
DHCP

DHCPDISCOVER request from a client (your host)
to the DCHP server for an IP address
DHCPOFFER response to the client from the DHCP
server offering a specific IP address to the
client
DHCPREQUEST client to server, packet accepting
the offered IP address
DHCPPACK server to client, acknowledgement of
IP address acceptance

29
BOOTP

Protocol for the dynamic configuration of IP
addresses
BOOTP is the underlying protocol for DHCP

30
ARP Address Resolution Protocol

Protocol used to map between IP addresses and
physical machine addresses on the local network
called MAC addresses
Sending computer uses a broadcast message to
request the MAC address of the computer with a
specific IP address. The computer with that IP
address responds with its MAC address
ARP cache table used to store IP address to
MAC address map. The entries in this table are
deleted after a timeout value has expired. If
another transmission is required after the
timeout period the ARP process must take place
again. If the IP address is still in the cache it
is used.

31
Media Access Control address

globally unique 6 byte (48 bit) address allocated
when the factory manufactures the network
interface card
Data Link Control Layer of the OSI model has 2
sub-layers The Logical Link control Layer and
the Media Access Control Layer
To discover the MAC address on your home
computer Click on the Start Menu then select
Run, type winipcfg then click OK, in the drop
down menu select the item corresponding to your
network card (ignore the PPP Adapter)

32
Routers

Routers are processors that decide where to send
each incoming IP packet to based on its
destination IP address
Routers have several physical ports or Ethernet
connections. Incoming packets on one port are
inspected and forwarded to a port that is in the
direction of the destination address
Routers calculate the best route and then send
the packet toward its final destination.

33
Routing

Routers use factors such as traffic congestion
and the number of hops to the destination to make
routing decisions
The routing process uses routing tables to make
its routing decisions. Routing tables are maps of
IP addresses and the corresponding output port to
send the packet to for that destination IP
address
If the destination IP address is on the same
network as the router then the packet is sent
directly to the destination computer

34
Routing Tables

There are two kinds of routing tables, static and
dynamic
Static routing tables are simpler and specify a
route for each packet to get to its destination
Dynamic routing tables allow packets to have
multiple routes to get to their destination.
Dynamic routing allows the router the opportunity
to make decisions based on traffic. Dynamic
routing tables can change and they are built by
routing protocols.

35
Routing protocols

There are two basic types of routing protocols,
interior and exterior
An interior routing protocol is typically used on
a companies intranet or internal network and they
route traffic within the intranet.
A common interior routing protocol is the Routing
Information Protocol or RIP

36
Exterior Protocols

Exterior routing protocols are used for routers
located on the Internet
A common exterior routing protocol is the
Exterior Gateway Protocol or EGP

37
Routing Traffic

Packets to be routed are kept in an input queue
or area of memory. The router processes packets
in the order in which they are received
If the input queue overflows or runs out of space
packets can be lost
When packets are lost the TCP protocols on the
sending and receiving computers will request to
have the packets re-sent

38
Router Table Explosion

Standard IP routing understands only class A, B
and C network classes.
In a small to medium sized company that has a
range of class C addresses instead of a single
class B address each network must be routed
separately.
There is no way to express that the range of IP
addresses for this company need to be routed
together. The need for so many routing table
entries can cause router table explosion.
For example a single class B network of 3000
hosts requires only one router table entry. A
company with a range of class B addresses would
require 16 router table entries

39
CIDR Classless Internet Domain Routing

CIDR does not route according to the class of the
IP address but according to the high order bits
of the network portion of the IP address called
the IP prefix.
CIDR entries contain a 32 bit IP address and a 32
bit mask which together give the length and value
of the IP prefix
CIDR handles the routing for a group of
contiguous IP addresses that have a common prefix
with a single routing table entry
This process of combining multiple networks into
a single entry is called address aggregation

40
Internet Control Message Protocol

ICMP uses IP to transmit Control packets
ICMP packet delivery is unreliable (because it is
based on IP) so applications cant depend on
receiving ICMP packets
ICMP packets are used to Announce Network
errors, Announce Network congestion, Assist
Troubleshooting, Announce Timeouts

41
Traceroute

Traceroute a network debugging utility that
traces the route that a packet would take from
your computer to a destination address

42
Time To Live

IP packet headers have a TTL field that controls
the number of network hops a packet is allowed to
travel on the way to its destination
TTL is used to prevent router loops that would
allow a packet to travel around the internet
indefinitely
Each router decrements the TTL value before
forwarding the packet

43
Traceroute uses TTL

Traceroute uses the TTL field to determine the
route that a packet will take on its way to the
destination address
To determine the first hop in a network route
traceroute sends a packet to the destination
address with a TTL value of one, meaning only
allow one network hop for this packet to get to
the destination address
The router receives this packet, decrements the
TTL value and sees that the TTL value is zero.
The router sends an ICMP Time Exceeded Message
back to the sender. The Time Exceeded Message has
the routers IP address as the source address of
the packet

44
How Traceroute works

Traceroute sends packets with incrementing TTL
values to determine the routers on the path from
the source to the destination, stopping when the
message reaches the destination
See http//www.dnsstuff.com/ Tracert box

45
Ping

Ping is a useful network debugging program. It
tells you if the remote host that you are pinging
is alive and connected to the network.
Ping is implemented using the ICMP Echo function
Ping sends a single ICMP Echo packet and expects
a single packet in response
Ping places a timestamp in each packet sent which
is echoed back. This can easily be used to
calculate the round trip time. This can tell you
if a path is busy or if a server is slow in
responding

46
The need for IPv6

Today, Internet growth is driven not only by the
sheer number of people and organizations that
need access, but also by several emerging
factors, including
global appeal and scope of the Internet
multiservice networks offering voice, video, and
data
wireless and mobile devices
IP-enabled consumer devices

47
What is IPv6 ?

IPv6 is the next generation of IP addressing
architecture, sometimes called Ipng for IP next
generation
IPv6 provides expanded addressing and routing
capabilities
Quality of service capabilities
Authentication and Privacy capabilities

48
IPv6 Addressing

In IPv6 IP addresses will be 128 bits instead of
the 32 bits in IPv4
Supports more levels of address hierarchy
Greater number of addressable nodes
Simpler auto-configuration of addresses allows
routers and hosts to configure themselves
IP packet header format simplification - allows
128 bit addresses in only twice the space
Improved support for options options are not
sent in each and every packet, they are only sent
when necessary

49
IPv6 Autoconfiguration

Autoconfiguration is built into IPv6
Stateful autoconfiguration an extension to DHCP
called DHCPv6
Stateless determine an address from
information within the host itself. This is in
part based on the MAC address of the network node
that is to be configured.

50
IPv6 Quality of Service

Quality of service allows packets to be handled
with differing priorities
Packets that are more real-time such as
videoconferencing or internet phone based require
a higher quality of service
Packets for FTP for example might be routed along
a slower or longer path allowing the better
performing channels to be allocated to realtime
applications

51
IPv6 Authentication and Privacy

Security can be added to all packets in IPv6
Its use is optional
Allows for use of VPNs or tunnels
Authentication Header AH provides
authentication and integrity
Encapsulated Security Payload ESP provides
confidentiality

52
TCP/IP server-side programming mechanisms

Socket() creates a new socket
Close() closes the socket
Bind() bind a socket to a address and port
number
Listen() sets up the listen queue for a socket
Accept() accepts an incoming connection from
another socket. Returns a new socket that is
connected to the requesting socket

53
TCP/IP client-side programming mechanisms

Socket() create a new socket
Close() closes the socket
Connect() initiates a connection to a server

54
TCP/IP Data transmission mechanisms

Send() sends data on the socket
Recv() receives data from a socket

55
TCP/IP other procedures

Getpeername() get the address of the other end
of the connection
Getsockname() get address bound to socket
Gethostbyname() perform a DNS lookup for
hostname
Gethostbyaddr() get host information from its
ip address

56
Inetd Internet daemon

Daemon (or server) that manages connections to
Well Known Services
Reads the /etc/inetd.conf file where the Well
Known Services intended to be run on this
computer are listed
Creates a listen port for all the entries
specified in the /etc/inetd.conf file
Each time a connection to a Well Known Service is
requested inetd spawns a child process to handle
the request
Getservbyname() uses the /etc/inetd.conf
entries to get the server addresses

57
Well Known Services

FTP 21 TCP
TELNET 23 TCP
SMTP 25
TFTP 69 UDP
DNS 53
HTTP 80 TCP
POP3 110
LOGIN 513 TCP

58
DNS

Domain Name System

59
DNS Domain Name System

With all the computers that are interconnected on
the internet it would be impossible to remember
the IP addresses them. Domain Names provide a
user friendly way to identify computers on the
internet
Domain names are names for computers that can be
mapped to and from the IP address for that
computer
A distributed database holding the alphanumeric
names and IP addresses (and more) of every
registered system on the Internet

60
Domain Names

Domain names are hierarchical in nature with the
rightmost name being the highest part of the
hierarchy. These are called the top-level domain
names
The top level domain names that we are most
familiar with are .com, .net and .org
Other top-level domain names are based on
geography. Some examples are .us (United States),
.fr (France) and .uk (United Kingdom). See
http//www.norid.no/domenenavnbaser/domreg.html
Limited to 63 characters in length

61
Domain Name Registries

A registrar is a company that registers your
Domain Name and give you a unique IP address to
corresponds with the domain name
The registrar will also maintain contact and
technical information for the domain name.
The registrar will supply the contact
information, technical information, domain name
and IP address to a central directory called a
registry.
The registry provides other computers on the
internet the information necessary to find your
web site or map your domain name to your IP
address. New DNS entries can take 2 days to
complete and 2 days to propogate worldwide

62
Domain Name Servers

Domain Name Servers servers that map domain
names to their corresponding IP addresses. Name
servers typically run Berkley Internet Name
Domain (BIND) software
Most domains have a primary name server and a
secondary name server that would be contacted if
the primary could not be reached

63
Root Domain Servers

Root Domain Servers - provide the mapping to the
top-level domain names such as .com, .org, .net,
.us, etc.
The root name servers for top-level US domains
are maintained by the Network Information Center
(InterNIC)
There are currently 13 root name servers in the
world today. See http//netmon.grnet.gr/pings/roo
tnsping
The Root Name Servers will query domain
registers several times a day for new or changed
Domain Name entries

64
Authoritative Name Servers

Authoritative Name Servers name servers at the
next level in the hierarchy. These would be
Domain Names such as neu.edu, ibm.com, dell.com,
etc.
Authoritative Name Servers will typically query
the root name servers every 24 hours for new /
changed records

65
DNS Lookup

To perform a DNS lookup a client computer would
Look in its resolv.conf file to find the ip
address of the DNS Server then send a DNS Lookup
request to the specified DNS Server
The DNS Server would see if the entry to be
looked up is in its local database
If the request cannot be answered from the DNS
Servers local database the DNS Server would then
send the query to a server that is authoritative
for the root of the local domain

66
DNS Lookup Contd

If the request cannot be answered from the root
DNS Server then the root DNS Server will respond
with the IP addresses of DNS Servers for the
requested domain.
These subsequent queries to the DNS Server for
the requested domain will be performed by the DNS
Server for the requesting client.
Once the DNS Server for the requesting client has
resolved the name lookup then it will cache the
address for future lookups in its local database

67
What information is handled by DNS

A records Address records - map of domain names
to IP addresses
MX records Mail eXchange records - map of
domain name to mail servers that will accept mail
for delivery
NS record Name Server record queried to find
out other name servers to use to query deeper
into a domain
SOA record Start of Authority record contains
parameters about the domain itself
CNAME records Canonical name records contains
information about aliases, other names that a
computer answers to

68
DNS tools

Whois query the root name server to get
information about an authoratative name server.
See http//michael.iserver.com/dns/p2.html
Nslookup lookup the IP address for a domain
name or the domain name for an IP address. See
http//www.infobear.com/nslookup.shtml
/etc/resolve.conf configuration file that
specifies the nameserver, local domain name and
other DNS configuration options

69
DNS tools contd

DNS report a handy web page that will
interrogate a site and identify problems. See
http//www.dnsreport.com
List of DNS tools See http//directory.google.c
om/Top/Computers/Internet/Protocols/DNS
Man pages See http//www.vanhegan.net/manual/se
arch/index.php

70
Computer Protection

Firewalls and Anti-Virus software

71
Why do computer networks need Protection

Denial Of Service DOS Attacks
Back Orifice Programs
Server ports available to the Internet
Viruses
Trojan Horses

72
Denial of Service Attacks

A Denial of Service attack is when a computer is
sent a flood of ICMP echo requests (Ping
requests). So many in fact that the computer is
unable to do anything else because it is so busy
answering the Ping requests
A DOS attack is accomplished by sending a ping
requests to a computer, but the source address of
the ping request has been forged to be the IP
address of the target of the DOS attack

73
DOS Attacks contd

The computer that receives the ping request then
sends a response to the target
The number of ping responses can be multiplied by
sending the ping request to a computer networks
direct broadcast address. This will relay the
ping request to all the computers on the network
which will in turn respond to the target computer
with a flood a ping response packets

74
Back Orifice Programs

A Back Orifice program can be installed onto your
computer by an email virus
Back Orifice acts similar to a rlogin or telnet
server. A client program can connect to the Back
Orifice server and then the client can perform
operations on your computer as if they were
sitting at the console
Back Orifice typically operates on port 31337,
but could be any port. Another similar program is
called NetBus
http//www.symantec.com/avcenter/warn/backorifice.
html

75
Server ports available to the Internet

Port probing software can determine which ports
are available on the Internet (including back
orifice)
If server ports, such as FTP or telnet, are
available to the Internet then people can try to
guess the login name and password

76
Viruses

Viruses are self-replicating pieces of software
that infect executable programs that may reside
on your hard disk
Viruses can be written to cause problems on your
computer, deleting files or modifying them to
cause problems in the future
Viruses can attack four parts of your computer
Executables, directory system, boot and system
areas, and data files

77
Trojan Horses

Trojan Horses are programs that appear to be a
normal program but really are a malicious program
or virus in disguise
The Melissa Virus was an example of a Trojan
Horse where the virus was sent as a Microsoft
Word Document in an email
When the user activated the virus by clicking on
the MSWord attachment the virus sent itself to
the first 50 people in the Outlook address book

78
Protection Tools

Firewalls protect intranets from unwanted
Internet traffic
Anti-Virus Software
Port probes
Intrusion Detection Tools

79
Firewalls

Firewalls protect your network from unsolicited
traffic from the Internet
Firewalls provide a single point of control for
network traffic so that all the computers on the
network can be protected, but the administration
is limited to one machine
Firewalls work by inspecting the packets from the
internet and determining if they should be
allowed to travel to your internet
Firewalls can also be used to limit access to
certain types of network traffic, for example
outbound FTP traffic may be disallowed

80
Firewall techniques

Packet Filtering inspect individual packets
according to a general set of rules, discard
packets that dont meet the requirements
Proxy services provide an intermediary that
will allow intranet access to the internet. This
is commonly done to provide a single point of
control and logging facilities
Stateful Packet Inspection look at packets as a
part of the overall connection or flow of data

81
Stateful Packet Inspection

The firewall looks at the source and destination
address of packets coming into the network that
it is protecting
The firewall keeps a table of communications that
have originated from within the network. The
packets that are allowed in are packets that are
in response to communications that have
originated from within the network that it is
protecting

82
Accessing a Well Known Service through a Firewall

Firewalls can be configured to allow the port for
a well known service to be accessed
For example if you wanted to provide a web server
on your network you would allow packets going to
the web server port (typically port 80) on the
web server host to go through

83
ICMP requests

Firewall configurations can be modified to allow
ICMP requests to be passed through. You can allow
ICMP echo requests (the basis of the Ping
program), timestamp requests, router requests and
redirects
ICMP requests are typically shut off to protect
against DOS attacks

84
Anti-Virus Software

There are two basic types of anti-virus
protection, on demand and on access protection.
On Demand protection is when a user requests a
virus scan. These can be scheduled (every night)
or interactive
On Access protection is when a user goes to
access a specific file, that file is checked when
the file is opened or closed in real-time for
viruses

85
Virus scanners

Virus scanners look for virus signatures in
files. These signatures could be exact signatures
or a signature that would indicate a family of
viruses
Virus scanners also check assemble code for
possible viral behavior, such as examining an
file to see if it executable
http//online.securityfocus.com/infocus/1622

86
Port Probes

Port probes can be used on an intranet to find
machines on the local network that have
disallowed ports open
Port probes can be used to find machines on the
intranet that have unauthorized IP addresses

87
Intrusion Detection Tools

Tripwire - maintain a database of the signatures
files on a machine to identify if the files have
been modified.
Detect port scanning detect when someone is
checking all ports available on a host
Detect port sweeps detect when someone is
checking a single port on several computers
FTP, telnet and rlogin login failures
Tcpdump dump out tcp packets from the network

88
Pre-emptive hardening

SATAN System Administrator tool for analyzing
networks recognizes several common network
security holes and reports them. Common problems
are NFS exporting, OLD (unsecure) sendmail
version, Xserver access control, TFTP access
control problems, rsh access control, writable
anonymous FTP home directory

89
COPS

Computer Oracle and Password System
An inspection system (similar to SATAN) that will
check your system for known security holes, such
as file permissions, passwords, password and
group files, /etc/rc and cron files, root SUID
scripts, CRC check of files and executables, home
directory configuration, anonymous ftp setup,
tftp setup, etc.
http//www.fish.com/cops/overview.html

90
Privacy

The basis of privacy on the internet is
encryption
Encryption can be based on symmetric key or
asymmetric key encryption

91
Symmetric Key Encryption

Symmetric key encryption also called Secret
Key encryption uses the same key for encrypting
and decrypting.
The key is typically a large random number that
tells the encryption algorithm how to encrypt the
data
Works on the Data Encryption Standard (DES). Keys
are typically 56 bits

92
Asymmetric Key Encryption

Asymmetric key encryption uses different keys for
encryption and decryption. This is designed to
solve the key-exchange Catch-22 problem
Typically these keys are called public and
private keys. This techniques is called Public
Key Encryption
A message encrypted with a public key can only be
decrypted with the corresponding private key and
vice-versa
Public key cryptography was invented in 1976 by
Whitfield Diffie and Martin Hellman. For this
reason, it is sometime called Diffie-Hellman
encryption

93
Combined Symmetric/Asymmetric

Symmetric keys are fast to encode/decode but they
are difficult to distribute
Asymmetric keys are slow to encode/decode but
they are easy to distribute
Solution use the asymmetric keys to encode the
symmetric keys and use the symmetric keys to
encode the data

94
Data Integrity

Hash Functions
Message Authentication Codes
Digital Signatures

95
Hash Functions

A hash function algorithmically generates a fixed
length output for an arbitrary length input.
Hash functions are used to provide Digital
Fingerprints of the arbitrary length input
The Digital fingerprints are used to ensure that
a message has not been altered
Examples of hash algorithms are MD5, SHA-1 and
RIPE-MD-160

96
Message Authentication Codes

A Message Authentication code is an encrypted
version of the hash function. This provides extra
security that the message has not been altered
The MAC is calculated by hashing the input data
and then encrypting it with a shared key

97
Digital Signatures

Digital Signatures can also be used to ensure
data integrity
The sender digitally signs the data using his
private key and then the receiver can verify the
data using the senders public key

98
Application Examples

Email
User Authentication
Virtual Private Networks
Web Site Security

99
Email Encryption

Pretty Good Privacy uses public key encryption to
allow users to send / receive encrypted emails
MD5 can be used to create message signatures to
ensure that the content of the message was not
modified

100
User Authentication

Passwords should not be sent in clear text
Passwords are entered into a form that is
provided by a secure server. When the form
containing the password is transmitted to the
secure server the content of the form is encrypted

101
Virtual Private Networks

Virtual Private networks provide privacy of
packets transmitted on the public network through
encryption
Virtual private networks provide access to an
intranet to remote employees
Virtual Private Networks can be software using
Tunneling technology

102
Tunneling

The remote user is running Tunnel client
software.
The tunnel client software connects to a Tunnel
server with a fixed IP address at the central
location
The tunnel client and server transmit / receive
encrypted packets and encode / decode them.
The client looks like it is sitting on the
servers intranet because the client communicates
its requests to the server who acts as a proxy
for the client requests

103
Web Site Security

Protection from modification
Assurance that the data has not been modified
Control of access

104
Protection from modification

Keep track of the Message Hash of all the files
on the web site
Store the hash values in a database
Periodically compare the hash values for the
files on disk against the files in the database

105
Assurance that the data has not been modified

Provide digital signatures of web pages to users
so then they are ensured that the pages have not
been modified

106
Control of access

Provide strong user authentication
Query username and password over a protected
channel

107
Internet Protocols

HTTP, HTTPS, FTP

108
HTTP

HTTP has two flavors HTTP 1.0 and HTTP 1.1
HTTP 1.0 is the basic set of features necessary
to implement a web server
HTTP 1.0 provides some new extensions to the 1.0
features

109
HTTP 1.0

HTTP was written by Tim Berners-Lee
HTTP 1.0 implements the following requests
GET retrieve requested URL
HEAD returns the headers identified by the
request URL
POST - sends data of unlimited length to the Web
server

110
GET vs. POST

GET passes query parameters as a part of the
URL
POST passes parameters separately from the URL in
the request header
POST is used if you dont want the parameters
visible to the user on the address bar or if the
size of the parameter data is large

111
HTTP 1.0 Request

Browsers send HTTP requests to the web server.
The web server responds with a response.
Get /mattmarg/ HTTP/1.0
This is a GET request. The requested URL is
/mattmarg and the request protocol is HTTP 1.0
http//hotwired.lycos.com/webmonkey/geektalk/97/06
/index4a.html

112
HTTP 1.0 Request Headers

From the name of the requester
Accept mime types that will be accepted by the
client, default is text/plain and text/html
Accept-Encoding Lists acceptable content
encoding types such as x-compress, x-zip
Accept-Language language accepted
User-Agent client program generating the request

113
HTTP 1.0 request headers

Referer URL where the request originated
Authorization username and password
Charge-To
If-Modified-Since get only if the file is new,
if the file has not changed generates a 304 not
modified reply
Pragma generic extension facility, currently
only no-cache is defined

114
HTTP Response

HTTP servers respond with information about the
status of the request. If the requested file was
found or not, when the file was last modified,
etc.
200 OK 200 series indicates Success
300 series redirection
400 series Client Error, 404 File not found
500 series Server Error
HTTP connections are closed after the response is
delivered

115
HTTP 1.1

HTTP 1.1 maintains a single connection throughout
several request response pairs using a feature
called keepalive
HTTP 1.1 allow parallel request / responses to
take place
HTTP 1.1 offers improved control of cacheing

116
HTTP 1.1 Additional request types

PUT stores a resource as the requested URL
DELETE delete the requested URL
OPTIONS returns the HTTP methods that the
server supports
TRACE return the header fields sent with the
TRACE request. Similar to a PING request.
CONNECT ask the server to switch to a secure
connection

117
URL format

A URL is of the form
Protocol//hostport/file?parameters
The protocol can be http, https (secure http),
ftp, gopher or others
Port number is optional, http defaults to 80
File is the path to the file that you want to
retrieve
Parameters are a set of name/value pairs that are
used to send parameter data from the client to
the server
http//hotwired.lycos.com/webmonkey/geektalk/97/06
/index4a.html
http//hotwired.lycos.com/webmonkey/99/30/index4a_
page3.html

118
HTTPS

Secure http transactions
Based on SSL Secure Sockets Layer, introduced
by Netscape in 1995
SSL uses RSA public/private key cryptography

119
SSL

SSL operates above the TCP/IP layer and below the
application layer
Typically SSL operates with HTTP to form the
HTTPS protocol siute, but it can be used with
other application layer protocols such as LDAP or
IMAP
http//developer.netscape.com/docs/manuals/securit
y/sslin/contents.htm

120
SSL features

SSL allows you to
Authenticate the web server
SSL client authentication
Communicate privately
Communicate without tampering

121
Digital Certificate

SSL uses digital certificates to authenticate the
person that you are communicating with. For a
customer of an E-commerce site this ensures them
that they are communicating with the intended
site.

122
A Digital Certificate contains

The certificate issuers name (Verisign for
example)
The entity for whom the certificate is being
issued (called the subject)
Public key of the subject
A digital certificate can be issued by a third
party
http//www.first-american.net/SSL.html

123
Session Key

Once a web site has been authenticated a session
key is generated. This is a symmetric private key
Session keys are now 128 bit strength
The session key is encrypted with the web sites
public key and sent to the web site. This ensures
message privacy
Two way secure communication is now possible

124
Message Integrity

SSL ensures message integrity
Messages are sent with a hash code typically
MD5 hashing is used to sign a message

125
Web Pages

Applets, HTML, DHTML, XML, WML

126
Applets

Applets are Java programs that implement a set of
standards that allow them to execute in a Java
compatible browser
The Java compatible browser has a Java plugin
that implements a Java Virtual Machine (JVM aka
JRE) inside the browser
The plugin provides the execution environment for
the Applet including security

127
Applet

Applets need two pieces First the compiled Java
code in a .class file, and second a HTML page
that calls the applet
The HTML page calls an applet using the tags
ltAPPLETgtlt/APPLETgt
For example this HTML code calls a HelloWorld
applet. The output of the applet is presented in
a window that is 150 pixels wide and 25 pixels
high.
ltAPPLET CODE"HelloWorld.class" WIDTH150
HEIGHT25gt
lt/APPLETgt

128
Hello World Applet

The HelloWorld Applet is formed from a HTML page
that runs the HelloWorld applet. The output of
the HelloWorld applet goes into a window or
screen area provided by the HTML in the APPLET
tags.
http//java.sun.com/docs/books/tutorial/getStarted
/applet/

129
HTML

HTML Hyper Text Markup Language
HTML specifies to the browser how to display the
content in a HTML page
HTML can be created using a simple text editor or
more complicated web authoring tools such as
FrameMaker

130
HTML tags

HTML uses tags to describe to the browser the
layout and sections of a HTML page
Tags are distinguished from the content because
they are enclosed in ltgt angle brackets
lttaggt means the start of a tag
lt/taggt means the end of a tag
The tags that describe how to display the
content are often called markup

131
HTML sections

A HTML page is enclosed in a lthtmlgtlt/htmlgt tag
pair.
The HTML page has two sections, the head and the
body
Head the heading of an HTML page. Contains the
title and other information.
Body contains the content of the page and the
tags that describe how to display the content.

132
HTML head section

The HTML head section is enclosed in
ltheadgtlt/headgt tags
The head section contains information that wont
appear on the page itself
Title is part of the head section.
The head section can also contain meta-tag
information

133
HTML Title tag

The title would be enclosed in lttitlegtlt/titlegt
tags
The title appears in the Title bar of the web
browser
The title of the web page would be the title of
the page when it is added to your Favorites or
Bookmarks lists
Search Engines use the title tag to help people
find the pages that they are looking for

134
HTML meta-tag information

Meta tag information is an extensible mechanism
that is used to specify name/value pairs of
information
Meta-tags come in two flavors http-equiv and
name
http-equiv meta tags can be used by the server to
create http headers. So dont make up meta-tag
names when you use http-equiv, use name instead.
Name meta-tags specify name/value pairs

135
http-equiv meta-tags

http-equiv meta-tags are equivalent to http
headers
http-equiv meta-tags can be used to perform
reloads and redirects. For example
ltMETA HTTP-EQUIV"Refresh" CONTENT"3URLhttp//w
ww.some.org/some.htmlgt
http-equiv meta-tags can be used to control
caching, specify content type and encoding
http//vancouver-webpages.com/META/metatags.detail
.html

136
Name meta-tags

Name/value pair meta-tags are extensible, you can
use any name that you wish
There are many predefined name meta-tags
Keywords words that describe the content
Description a summary of the web page content
Robots controls if automated crawlers or
spiders are allowed to access this page
Author the author of the page

137
HTML body

The body of the HTML page contains the content
and formatting that you will see on the page.
The body tags allow you to control how the
content will be displayed
Here is an HTML comment
lt!--Eric, please keep your comments to
yourself.--gt

138
HTML body tags text formatting

ltbrgt - line break
ltpgtparagraphlt/pgt
ltp aligncentergtCenter Aligned Paralt/pgt
ltpregtpreformatted textlt/pregt
ltblockquotegtIndent sideslt/blockquotegt

139
Font properties

ltbgtBold Textlt/bgt
ltigtItalic Textlt/Igt
ltugtUnderlined Textlt/ugt
ltsgtStrikeout Textlt/sgt
ltttgtTypewriter (mono font spacing) Textlt/ttgt
ltblinkgtBlinking Textlt/blinkgtltbrgt
ltmarqueegtScrolling Textlt/marqueegt

140
Font Size

lth1gtLargest Headerlt/h1gt
lth6gtSmallest Headerlt/h6gt
ltfont size1gtLargest Fontlt/fontgt
ltfont size7gtSmallest Fontlt/fontgt

141
Color

ltbody bgcolorlight-grey textblackgtlt/bodygt -
This will set the background color of the page
and the color of the text
ltfont colorredgtRed Textlt/fontgt
Colors may also be specified as a RGB triplet, as
in ffffff white, 000000 black, ff0000
red, 00ff00 green, 0000ff - blue
http//www.v-d-l.com/tut_fm_colors.html

142
Links

Links allow you to specify a Title and the web
page to go to when the link is clicked
The body tag allows you to specify the color for
links on the page
ltbody linkredgt
would make all the links on you page red
You can also specify a color for vlink visited
links and alink for the link color when clicked

143
Link Syntax

lta hrefURLgtLink Titlelt/agt - clicking on the
Link Title will cause the browser to load URL
lta hrefmailtoemailgtContact Uslt/agt - send email
lta namelabel1gtlt/agt - creates a label that is
used to jump to specific parts of a document
lta hreflabelgtLabel Titlelt/agt - clicking on
this link will cause the browser to jump to the
specified label

144
List of tags available and what they do

http//www.angelo.edu/services/technology/html_exa
mples.htm
HTML cheat sheet - http//hotwired.lycos.com/webmo
nkey/reference/html_cheatsheet/index.html

145
DHTML

Dynamic HTML technology that allows you to
control how elements are placed and displayed in
a browser window
DHTML consists of three technologies, Cascading
Style Sheets, JavaScript and the Document Object
Model.
DHTML is not a W3C approved standard, it is a
marketing term used by Microsoft and Netscape to
describe the new technologies that the 4.0
browsers would support

146
Cascading Style Sheets

CSS allows you to
specify position as relative or absolute
Make elements visible / invisible
Change the mouse cursor
Filters allows you to specify more style and
effects to your content

147
Document Object Model

The Document Object Model gives access to all the
elements in a document
Elements have ids associated with them which can
be referred to in Script programs
Example lth1 idheadergtHeaderlt/h1gt
Now attributes of the header (font color, size,
etc.) can be changed Dynamically from JavaScript
The elements that are accessible are window,
document, navigator, event

148
Events

Onmouseover and onmouseout
Onclick
Onmouseup and onmousedown
onload

149
DHTML capabilities

With javascript as a language, the ability to
handle events, the ability to access and modify
elements of the web page using DOM and CSS we
have an unlimited ability to make dynamic web
pages
Dynamic HTML capabilities are only available with
browsers version 4.0 or higher
http//www.w3schools.com/dhtml/default.asp

150
XML

Extensible Markup Language
XML is a subset of the Standard Generalized
Markup Language SGML
XML documents are conforming SGML documents
Primary purpose is a electronic publishing and
data exchange format
XML allows you to create, transmit and store
structured data
http//www.w3schools.com/xml/xml_examples.asp

151
DTD

DTD Document Type Definition Describes the
content of the XML file
Ensures consistency in the XML document
Ensure all required elements are present
Prevents undefined elements from being used
Enforces a specific data structure

152
XML Parsing

SAX Simple Api for XML an api used in
programs that parses XML files and allows the
programmer access to the parts of the XML file.
SAX is used typically in streaming environments
and it is event driven
DOM Document Object Model another api that is
used in programs to access the content of an XML
file. DOM allows the entire XML file to be stored
in memory all at once and the program can access
any part of the XML at any time

153
XSL XML document presentation

Extensible Style sheet Language
HTML uses predefined tags that tell the browser
how to display HTML
XML because it is extensible has no predefined
tags. XSL is used to describe the presentation
and formatting of an XML file
XSL consists of three parts
XSLT XML Document Transformation
XPath a pattern matching syntax
XSL Formatting Objects A vocabulary for
formatting XSL objects

154
XHTML Extensible HTML

XHTML consists of the elements in HTML 4.01
combined with the syntax of XML
XHTML enforces that the documents are well formed
documents, that all the open tags have close
tags, tags must be properly nested and tags must
be in lower case

155
SOAP

Simple Object Access Protocol
SOAP is used to communicate objects to remote
clients and servers
SOAP is at the top of the Heirarchy of
SOAP
XML
HTML over HTTP
TCP/IP

156
What is SOAP ?

SOAP is a generic protocol that transmits data in
XML format over HTTP
The generic format allows clients of different
types to communicate with each other without
prior knowledge of each other or each others
platforms
SOAP allows distributed components to communicate
even if they are implemented in different
languages

157
WAP

WAP Wireless Access Protocol a protocol for
accessing information and services from wireless
devices
WAP is carrier neutral. It should work no matter
what the physical layer and carrier
WAP enabled phones run the OpenWave browser
WAP exists because of the constraints of mobile
computing devices such as Form factor, CPU,
Memory and storage, Battery, Display and Input.

158
WML

Wireless Markup Language WML is a part of the
Wireless Application Protocol suite
It is a lightweight markup language intended for
use on mobile devices such as PDAs and Cell
Phones
WML is a successor to the HDML Handheld Device
Markup Language
WML is a compliant subset of XML

159
Email

Sending Email, Receiving Email

160
Mail Acronyms

MTA - mail transfer agent - intermediates for
transferring email. Programs such as sendmail are
MTAs
MDA - mail delivery agents - programs responsible
for receiving email and placing it itno users
mail boxes
MUA - Mail User Agents- client software for
reading / sending email
http//www.yolinux.com/TUTORIALS/LinuxTutorialMail
MTA.html

161
Email usage

Email allows you to send information from one
computer to another.
Email is the most widely used internet
application
Email addresses are of the form
username_at_hostname.domainname

162
Sending Email

sendmail handles the sending of email. DNS MX
records identify the host to send email to for a
specified domainname
Email clients can connect to sendmail to get it
to send an email
Email messages are sent via SMTP, Simple Mail
Transfer Protocol.
sendmail will queue outgoing email messages and
perform retries. DSN - delivery status
notification specifies how the retries will be
performed
http//www.sendmail.org/ca/email/dsn.html

163
MX records

when sending an email the sendmail application
looks up the domain name of the email address
that you are sending to to get its MX record
The MX record contains is the domain name of an
email server and a priority for using that server
The sendmail program will now do a second DNS
lookup to get the A record which contains the IP
address of the email server and sends the email
to that IP address

164
SMTP