Network Security

Prerequisite:

  1. Open http://heart.climagic.com/ in browser
    Username: cybercamp
    Password: CahDo8xu
  2. Click on the link to download the zip file. The zip file contains network dump files (pcap extension) that we created that we will be viewing in a lab in this section.
  3. Also make sure you have Wireshark installed (www.wireshark.org)

Network Security

(From a user's perspective)

Topics

  • How the Internet works
  • IPs
  • DNS
  • Protocols
  • Encryption with SSL and TLS
  • Your home router/connection and ISPs
  • WiFi

How the Internet works

Guess what? It really is a "series of tubes".

 

Sources:

http://9gag.com/gag/amL8Voo/the-internet-is-a-series-of-tubes-confirmed

https://www.aflglobal.com/Products/Fiber-Optic-Cable/ADSS.aspx   

http://www.thefoa.org/tech/ref/OSP/install.html

Network Security - A user's perspective

The Internet is made up of many millions of independent multi-level networks that are all linked together through common carriers (The "backbones") and facilitate communication using standardized protocols.

"The Internet is a network of networks"

Your home network is one of those networks

How most connections to a website work

  • Your ISP
  • Upstream provider A
  • Upstream provider B
  • Upstream provider C (not used for this connection)
  • Datacenter (webserver's ISP)
  • Server hosting website you visit

Opportunities for network traffic to be seen by others

Internet Protocol Addressing (IP addresses)

 

At a low level, we need to use numbers for addresses.

This is what an IP address looks like.

 

129.79.43.149

The general structure is

A.B.C.D

  • From left to right each number becomes more specific.
  • Each position in the dotted quad can be a number from 0 to 255.
  • Some numbers (like 0 and 255) have special meaning.

129.79.43.149

For the IP above, we have the following allocation hierarchy

  • 129.0.0.0 - 129.255.255.255 = Allocated to ARIN by IANA
  • 129.79.0.0 - 129.79.255.255 = Allocated to IU by ARIN
  • 129.79.43.0 - 129.79.43.255 = Allocated by IU for various servers
  • 129.79.43.149 = Allocated by IU for natas.cacr.iu.edu

The allocations are mostly administrative and do not always map to a physical location or logical network hierarchy.

  • 129.80.0.0/16 = Oracle Corporation
  • 129.79.0.0/16 = Indiana University
  • 129.78.0.0/16 = University of Sydney (Australia)

*You can use a 'whois' program to determine this information.
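The "first - last" ranges and the /16 notation on these slides describe the same thing: a run of consecutive 32-bit numbers. The following is an added example, not part of the original slides, that walks the allocation hierarchy listed for 129.79.43.149; the function names are chosen for illustration.

```python
import ipaddress

# Allocation ranges exactly as listed on the slide: (first, last, holder).
ALLOCATIONS = [
    ("129.0.0.0", "129.255.255.255", "Allocated to ARIN by IANA"),
    ("129.79.0.0", "129.79.255.255", "Allocated to IU by ARIN"),
    ("129.79.43.0", "129.79.43.255", "Allocated by IU for various servers"),
    ("129.79.43.149", "129.79.43.149", "Allocated by IU for natas.cacr.iu.edu"),
]

def quad_to_int(quad):
    """Turn A.B.C.D into the single 32-bit number that is actually compared."""
    parts = quad.split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {quad!r}")
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d

def range_to_cidr(first, last):
    """Express a first-last range in CIDR form, e.g. 129.79.0.0/16."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def allocation_chain(ip):
    """Return (cidr, holder) for every listed range containing ip, widest first."""
    target = quad_to_int(ip)
    chain = []
    for first, last, holder in ALLOCATIONS:
        if quad_to_int(first) <= target <= quad_to_int(last):
            chain.append((range_to_cidr(first, last)[0], holder))
    return chain

if __name__ == "__main__":
    for cidr, holder in allocation_chain("129.79.43.149"):
        print(f"{cidr:18} {holder}")
```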

Domain Name System (DNS)

Because people think they don't like remembering numbers.

DNS translates a name you type in such as www.youtube.com into an IP address.

www.youtube.com

172.217.6.110

Your web browser then connects to the IP address and tells the server listening on that IP that it wants to visit www.youtube.com.

LAB: Try typing in the IP address above in your web browser's address bar to see what happens.

  • DNS information comes from DNS servers.
  • Your ISP's DNS server determines the answer for you.
  • This information can be overridden by you, your ISP or an attacker.
  • This information can be spoofed.
  • Unfortunately solutions to security problems (such as DNSSEC) are not widely adopted yet.

Possible Lab: Let's update /etc/hosts on your computer to go to the local natas challenge.

On Windows the file is located at

C:\windows\system32\drivers\etc\hosts

On Mac and Linux it is /etc/hosts

WARNING:

  • Changing this file can alter your internet connectivity.
  • It also requires admin privileges to alter.

LAB: Let's make a DNS query ourselves

  • Open the command line
    • Mac or Linux: Open the Terminal program
    • Windows: Run cmd.exe
  • Type 'nslookup www.owasp.org'
  • Now type the IP returned into your web browser's address bar.

Examples of DNS exploits

  • Your ISP changing DNS responses
  • DNS cache poisoning
  • Malware changing /etc/hosts or DNS settings
  • Malware changing DHCP DNS servers
  • Typosquatting
  • Registration lapse and hijacking
  • Unicode look-a-like characters
  • Common point of failure (8.8.8.8)
  • Cosmic Rays!
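Two items from the list above can be checked mechanically: names pinned in a hosts file, and domain labels that mix in look-alike Unicode letters. The following is an added example, not part of the original slides; the sample hosts file, the .test names and the function names are constructed for illustration.

```python
import unicodedata

# Constructed sample hosts file; 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
203.0.113.7 www.example-bank.test   # entry that silently bypasses DNS
# 198.51.100.9 commented.example.test
"""

def hosts_overrides(text):
    """List (name, ip) for every dotted name pinned in a hosts file.

    Each such entry wins over DNS, so each one should be an entry you expect."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        found += [(n.lower(), ip) for n in names if "." in n]
    return found

def label_scripts(label):
    """Return the scripts (first word of the Unicode name) used by a label's letters."""
    if label.lower().startswith("xn--"):         # IDN A-label: decode to what is displayed
        label = label[4:].encode("ascii").decode("punycode")
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def lookalike_labels(domain):
    """Return labels using non-Latin or mixed scripts; a heuristic for review, not a verdict."""
    flagged = []
    for label in domain.split("."):
        scripts = label_scripts(label)
        if scripts - {"LATIN"}:
            flagged.append((label, sorted(scripts)))
    return flagged

if __name__ == "__main__":
    print(hosts_overrides(SAMPLE_HOSTS))
    spoof = "\u0430pple.com"                     # constructed: first letter is Cyrillic U+0430
    print(lookalike_labels(spoof))
    print(lookalike_labels("www.owasp.org"))     # plain Latin labels: nothing flagged
```

Legitimate internationalized names are flagged too, so the output is a list to review rather than a block list.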

Protocols

  • Most Internet protocols run on top of TCP or UDP
  • TCP allows for more reliable connections
  • UDP allows for lower overhead
  • Both can use port numbers from 0 to 65535
  • Standard protocols have a defined port (like HTTP = port 80)
  • A network client (such as a web browser) just establishes a connection and speaks the protocol.
  • We can even do it manually.

Protocols: Demo

  • Open a terminal program
  • Run the command:
    telnet www.apple.com 80
  • Once connected, you can now communicate using the HTTP protocol. Type the following, ending with a blank line:
    GET / HTTP/1.1
    Host: www.apple.com

AHHH! WHAT ARE YOU DOING?
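What the telnet demo does, as an added example that is not part of the original slides: open a TCP connection and type the protocol by hand. So that it runs offline, it talks to a stand-in server on 127.0.0.1 instead of www.apple.com (an assumption), and it shows that the Host value is whatever the client chooses to send.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Hello(BaseHTTPRequestHandler):
    """Stand-in web server for the demo (assumption; not www.apple.com)."""
    def do_GET(self):
        body = f"you asked for {self.headers['Host']}{self.path}\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo output quiet
        pass

def speak_http(host_header, path="/"):
    """Do by hand what telnet plus typing does: open TCP, send text, read text."""
    server = HTTPServer(("127.0.0.1", 0), Hello)        # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        request = (f"GET {path} HTTP/1.1\r\n"
                   f"Host: {host_header}\r\n"
                   "Connection: close\r\n"
                   "\r\n").encode("ascii")               # blank line ends the request
        with socket.create_connection(server.server_address, timeout=5) as sock:
            sock.sendall(request)                        # sent as readable plaintext
            raw = b""
            while chunk := sock.recv(4096):
                raw += chunk
    finally:
        server.shutdown()
        server.server_close()
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n")[0].decode()
    return request, status_line, body.decode()

if __name__ == "__main__":
    request, status, body = speak_http("www.apple.com")
    print(request.decode(), status, body, sep="\n")
```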

Demo Wireshark (www.wireshark.org) using network dump files

Open http://heart.climagic.com/

Username: cybercamp

Password: CahDo8xu

Click on the link to download the zip file.

  • Show how Browser view source works
  • Show how cookies work
  • Show robots.txt
  • Show URL manipulation

Protocol exploits

  • Most standard protocols predate their common usage. Security was an afterthought (There's that assumption stack again)
  • Many protocols allow the client to fake information
  • Most protocols don't have encryption by default
  • Implementation mistakes
  • Clients often don't authenticate servers
  • MITM attacks

All parts of the Internet are constantly under attack

WiFi exploits

  • No authentication (Open WiFi)
  • WEP security is too weak
  • Hidden WiFi is actually worse
  • WPA and WPA2 are decent
  • Easy-to-guess passwords, often never changed
  • WiFi Pineapple
  • Your ESSID can be used to track you.

You are here

Can you guess what this is?

Protecting data confidentiality with encryption

  • Scrambles information in a way that helps prevent unauthorized access.
  • It does not prevent unauthorized parties from intercepting the encrypted data
  • People have been encrypting data to maintain secrecy for thousands of years.

The Caesar Cipher

Used by Julius Caesar to protect military messages

Works by shifting each letter by a set number of positions

Source: https://en.wikipedia.org/wiki/Caesar_cipher#/media/File:Caesar_cipher_left_shift_of_3.svg

Caesar usually used a left shift of 3

PROTECT THE WEST WALL

MOLQBZQ QEB TBPQ TXII

Decryption is accomplished by knowing the encrypted message and the key, which is just the shift value and direction of shift

The Vigenère cipher

Works by using a "pass word" as the key for shifting the letters in the plaintext message.

Plaintext:  ATTACKMONDAY
Key:        ABCABCABCABC
Ciphertext: ASRABIMNLDZW
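Both ciphers above, as an added example that is not part of the original slides. It follows the slides' convention that encryption shifts letters to the left (many textbook descriptions of Vigenère shift right instead); the function names are chosen for illustration. It also lists every possible Caesar key, which shows how small that key space is.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_left(ch, n):
    """Move one letter n places left in the alphabet (wrapping); leave other characters alone."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) - n) % 26]

def caesar(text, shift=3, decrypt=False):
    """Caesar cipher with the slides' convention: encrypting shifts left by `shift`."""
    n = -shift if decrypt else shift
    return "".join(shift_left(c, n) for c in text.upper())

def vigenere(text, key, decrypt=False):
    """Vigenere with the slides' convention: key letter A=0, B=1, C=2... is a left shift."""
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, used = [], 0
    for c in text.upper():
        if c in ALPHABET:
            n = shifts[used % len(shifts)]
            c = shift_left(c, -n if decrypt else n)
            used += 1          # spaces and punctuation do not consume key letters
        out.append(c)
    return "".join(out)

def caesar_every_key(ciphertext):
    """The whole key space is 26 shifts, so all candidate plaintexts fit on one screen."""
    return {shift: caesar(ciphertext, shift, decrypt=True) for shift in range(26)}

if __name__ == "__main__":
    print(caesar("PROTECT THE WEST WALL"))
    print(vigenere("ATTACKMONDAY", "ABC"))
    for shift, guess in caesar_every_key("MOLQBZQ QEB TBPQ TXII").items():
        print(shift, guess)
```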

How encryption can fail

  • Usually a problem with implementation or operation.
  • Keys not kept secret
  • Did not follow required procedure
  • Copy of plaintext was discovered
  • Algorithm is flawed (We rolled our own)

Internet of Things (IoT)

(Basically, anything connected to the internet)

Source: http://edge.alluremedia.com.au/m/g/2016/03/shutterstock_329520023_1080.jpg

  • Traditional computer
  • Mobile devices
  • Printers
  • Webcams
  • Baby monitors
  • Refrigerators
  • Thermostats
  • Smoke Alarms
  • Doorlocks
  • Heart monitors
  • Coffee maker
  • and on and on and on........

Talk about IoT and Dyn DNS DDoS attack on Friday, October 21, 2016 (Yesterday)

  • Distributed Denial of Service Attack (DDoS)
  • Data, sometimes random, sometimes not, is sent from thousands or even millions of computers to a target, overwhelming the target's resources.
  • Targeted a major DNS provider (Dyn) that is used by Netflix, Twitter, Reddit, PayPal and others
  • The malware used to infect home and industry IoT devices, called Mirai, controls what those devices attack (command and control software).
  • Distributed nature of DNS allowed victim websites to continue working for other parts of the Internet

Copy of CACR Cybercamp 2017

By Susan Sons

Slides from CACR Cybersecurity Camp 2017
