IT 430 Information Assurance

1
IT 430 Information Assurance

• Lesson 3 Network Protocol Models

2
Protocols

• What is a Protocol?
• Why Have Protocols?
• Who Defines Protocols
• Committees
• Vendors
• Why Study Protocols (with regard to Network
  Security)

3
OSI Reference Model
4
OSI Reference Model
5
OSI and TCP / IP Reference Models
6
Why Do Security Analysts Care About Protocols?

• Protocols are Designed to Transmit Information
• Security Tends to Block known bad traffic
• If the Bad Guy Wants Access, They Can pretend
  to Be Someone Else (Spoofing)
• If the Bad Guy Wants to Transmit Your Data,
  They can Place Information in the Unused Frames

7
TCP Three Way Handshake
1) SYN w/ Sequence Number
2) Ack w/ Sequence Number 1 and Original Request
3) Ack w/ Sequence Number 1
4) Connection
8
UDP
9
Secure Socket Layer

• Standard 3-way handshake PLUS
• Client Certificate
• Server Certificate
• Digitally Signed by Certificate Authority
• Encrypted Session

10
IPSEC

• IP Layer
• Authentication of data source
• Confidentiality
• Data integrity
• Protection Against Replays
• Commonly Used for VPNs

11
Protocol Analyzers

• Sniffers
• Parse Network Packets
• Help Determine Protocols that are in Use

12
Man-in-the-Middle Attack
DNS Server
Bob (123.45.67.89)
Alice
(192.168.10.10)
2. Wheres Bob
3. 66.66.66.66
Poison DNS
1.
4. Connect to Bob
5. Here the connection with Alice
Eve (66.66.66.66)