Network Security Overview
www.huawei.com
OSI model
TCP/IP principles
Copyright 2013 Huawei Technologies Co., Ltd. All rights reserved. Page 2
Agenda
1. TCP/IP Introduction
OSI Model Introduction
Purposes
Design principles
Strengths
Introduction to the Seven Layers of the OSI Model
Upper layers:
Layer 7, Application layer (APDU): Providing inter-application communication
Layer 6, Presentation layer (PPDU): Processing data formats and data encryption
Layer 5, Session layer (SPDU): Setting up, maintaining, and managing sessions
Communication Between Peer Layers
Each layer communicates with its peer layer using the service provided by the
lower layer.
Data unit exchanged between the peer layers of Host A and Host B:
Application: APDU
Presentation: PPDU
Session: SPDU
Transport: Segment
Network: Packet
Data link: Frame
Physical: Bit
Procedure for Processing Network Data Streams
[Figure: a data stream, with steps labelled A to E, travelling between two hosts (Application, Presentation, Session and Transport layers shown on each) through Router A, Router B and Router C; the Data link layer is shown at every node.]
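Mapping Between the TCP/IP Model and OSI Model
The TCP/IP model has a simple layered structure, and its layers map clearly onto the OSI model layers.
[Figure: OSI model layers (including the application layer and session layer) set beside the TCP/IP model layers.]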
Encapsulation and Decapsulation Processes of TCP/IP Packets
The sender runs the encapsulation process; the recipient runs the decapsulation process.
Application layer: APP DATA
Transport layer: TCP | APP DATA
Network layer: IP | TCP | APP DATA
Transmitted bits: 10101011010101001010100011101010010
Functions of Each TCP/IP Layer
Application layer: HTTP, Telnet, FTP, TFTP, DNS. Providing a network interface for applications
Transport layer: TCP/UDP. Establishing E2E connections
Socket
[Figure: port numbers 80, 20/21, 23, 25, 53, 69 and 161 sitting on top of TCP and UDP, which are carried in IP data packets.]
Data Link Layer Protocol
Ethernet protocol encapsulation
Destination address | Source address | Type | Data | CRC
Network Layer Protocol
[Figure: IP header layout with bit positions 0, 4, 8, 16, 19 and 31 marked. Surviving fields: Source IP address, Destination IP address, IP option, Padding.]
Transport Layer Protocol
UDP header (bit positions 0, 8, 16, 24, 31):
Source port | Destination port
UDP length | UDP checksum (optional)
Data

TCP header:
SN
Acknowledgement number
Data offset | Reserved (6 bits) | URG ACK PSH SYN RST FIN | Window size
TCP checksum | Urgent pointer
Option
Data
Establishing a TCP Connection
Three-way handshake
[Figure: three-way handshake between Client and Server.]
Closing a TCP Connection
Four-way handshake
TCP/IP Security Risks
Lacking a confidentiality guarantee mechanism
Lacking an integrity check mechanism
TCP/IP Common Security Risks
Application layer: Vulnerabilities, buffer overflow attacks, Web application attacks, viruses and Trojans
Physical layer: Equipment damage, Network interception
Equipment Damage
Damage of physical devices
Network Interception
Physical-layer devices
Hub
Repeater
Wireless network
Defense
[Figure label: Interceptor]
MAC Spoofing Attack
MAC spoofing is a very intuitive type of attack. The attacker changes its own MAC address to the address of a trusted system.
Defense
[Figure: a trusted host with MAC address F0-DE-F1-33-7F-DA and an impostor announcing "I am also: F0-DE-F1-33-7F-DA"; interfaces labelled E0 and E1.]
MAC Flooding Attack
MAC flooding attacks utilize:
Defense
ARP Spoofing Attack
[Figure: hosts A and B, and a hacker.]
IP Spoofing Attack
Why is an IP address easily spoofed?
[Figure: host A (192.168.0.1), host B (192.168.0.6) and a sniffer; a sniffed request carries the address 192.168.0.1.]
Smurf Attack
[Figure: hosts 192.168.1.3, 192.168.1.1 and 192.168.1.4.]
ICMP Redirect Packet and Unreachable Packet Attack
[Figure: hosts 192.168.1.1, 192.168.1.3, 192.168.1.4, 192.168.1.5 and 128.100.100.2. Labels: "Many ICMP redirect", "Victim", "The attacker controls this host." Captions: "Why can't I receive the packet?" and "The gateway cannot receive the packet."]
IP Sweep Attack
An attacker uses ICMP packets or TCP/UDP packets to initiate
connections to certain IP addresses. By checking whether there are
response packets, the attacker can determine which target systems
are alive and connected to the target network.
[Figure: an attacker and the addresses 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4 and 192.168.1.5.]
TCP Spoofing Attack
[Figure: Host A, Host B and Host C (Attacker). Labels: "A trusts B", "Denial of service attacks from C to B", "Spoofed packet from C to A", "Spoofed packet from B to A", "Unauthorized connection".]
Packet fields shown in the figure:
SYN = 1, SEQ = 11001, ACK = 0
SYN = 1, ACK = 1, SEQ = 54002, ACK = 11001
ACK = 1, SEQ = 11001, ACK = 54003
SYN Flood Attack
[Figure: an attacker sending SYN packets to a server.]
The SYN packet is the first packet in a TCP connection. The attacker
sends a large number of SYN packets. Then lots of half-open
connections are established on the attacked host, exhausting
resources of the attacked host.
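The half-open state described above can be tracked from a packet trace and used as a detection signal. The following is an added example, not part of the original slides; the packet tuple layout, addresses, thresholds and function names are assumptions made for illustration.

```python
# Constructed sample: (time_s, src, sport, dst, dport, flags) seen at the server's uplink.
PACKETS = [
    (0.00, "198.51.100.7", 40001, "192.0.2.10", 80, "S"),    # legitimate client SYN
    (0.01, "192.0.2.10", 80, "198.51.100.7", 40001, "SA"),   # server SYN+ACK
    (0.02, "198.51.100.7", 40001, "192.0.2.10", 80, "A"),    # client ACK: handshake done
] + [
    # 200 SYNs from varying source addresses that are never followed by an ACK
    (0.10 + i * 0.001, f"203.0.113.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80, "S")
    for i in range(200)
]

def half_open(packets, now, syn_timeout=30.0):
    """Return {(server_ip, server_port): set of (client_ip, client_port)} still half-open."""
    pending = {}
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":
            # First packet of a connection: the server now holds state for it.
            pending.setdefault((dst, dport), {})[(src, sport)] = ts
        elif "S" not in flags and ("A" in flags or "R" in flags):
            # Final ACK (or a reset) from the client releases the half-open entry.
            pending.get((dst, dport), {}).pop((src, sport), None)
    # Entries older than syn_timeout would have been aged out by the server.
    return {
        srv: {client for client, ts in conns.items() if now - ts <= syn_timeout}
        for srv, conns in pending.items()
    }

def flood_alerts(packets, now, threshold=100):
    """Return {server endpoint: half-open count} for endpoints above the threshold."""
    counts = {srv: len(c) for srv, c in half_open(packets, now).items()}
    return {srv: n for srv, n in counts.items() if n > threshold}

if __name__ == "__main__":
    for (ip, port), n in flood_alerts(PACKETS, now=1.0).items():
        print(f"possible SYN flood against {ip}:{port}: {n} half-open connections")
```

The completed handshake from the legitimate client does not count toward the alert; only SYNs that never receive the final ACK accumulate.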
UDP Flood Attack
[Figure: an attacker sending UDP packets to a server.]
Port Scanning Attack
Port scanning attacks generally use port scanning software
to initiate connections to a series of TCP or UDP ports on a
wide range of hosts. From the response packets, the
attacker can determine whether hosts are providing services
through these ports.
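Both the IP sweep and the port scan leave the same footprint in connection records: one source touching unusually many distinct hosts or ports. The following is an added example, not part of the original slides, that flags both patterns; the record layout, source addresses, thresholds and function name are assumptions, and the records are assumed to come from a single time window.

```python
from collections import defaultdict

# Constructed sample of connection attempts: (src, dst, proto, dport).
# dport is None for ICMP probes.
ATTEMPTS = (
    # one ICMP probe to each of 40 hosts: IP sweep pattern
    [("10.0.0.66", f"192.168.1.{h}", "icmp", None) for h in range(1, 41)]
    # 100 TCP ports on a single host: port scan pattern
    + [("10.0.0.77", "192.168.1.5", "tcp", p) for p in range(1, 101)]
    # ordinary client using two services
    + [("10.0.0.8", "192.168.1.5", "tcp", 80), ("10.0.0.8", "192.168.1.5", "tcp", 443)]
)

def classify_sources(attempts, host_threshold=20, port_threshold=50):
    """Return {src: sorted list of findings} for sources that look like scanners."""
    hosts = defaultdict(set)   # src -> distinct destination hosts touched
    ports = defaultdict(set)   # (src, dst) -> distinct (proto, port) pairs touched
    for src, dst, proto, dport in attempts:
        hosts[src].add(dst)
        if dport is not None:
            ports[(src, dst)].add((proto, dport))

    findings = defaultdict(set)
    for src, dsts in hosts.items():
        if len(dsts) >= host_threshold:
            findings[src].add("ip_sweep")       # many hosts probed for liveness
    for (src, _dst), seen in ports.items():
        if len(seen) >= port_threshold:
            findings[src].add("port_scan")      # many services probed on one host
    return {src: sorted(tags) for src, tags in findings.items()}

if __name__ == "__main__":
    for src, tags in classify_sources(ATTEMPTS).items():
        print(src, ", ".join(tags))
```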
[Figure: an attacker performing port scanning.]
Buffer Overflow Attack
The most common of all attacks on software systems
Can be launched locally or remotely
Exploits loopholes in various software systems, including operating systems, network services, and application software, to launch attack code
The vulnerabilities are related to the operating system and architecture, and the attacker needs to have high-level knowledge/skills.
[Figure: memory regions labelled Stack, Data and Code.]
Web Application Attack
Common attacks
Targeting clients
Web pages that contain malicious code, the use of browser vulnerabilities, threats to the local system
Targeting servers
Use of Apache / IIS ... loopholes
Use of loopholes in the CGI implementation language (PHP / ASP / Perl ...) and in the implementation process
Database intrusion using the Web server
Passive Attack
[Figure: Host A and Host B communicating over the Internet while an attacker monitors the traffic: "I need to obtain confidential information."]
Active Attack
[Figure: Host A, the Internet, and the service resources of an enterprise.]
Man-in-the-Middle Attack
[Figure: Host A and Host B communicating over the Internet, with an attacker in the path.]
Falsify information: active attack
Steal information: passive attack
Summary
OSI model
TCP/IP principles
Question
Why is ARP spoofing easily initiated?
Why does TCP have a header length field, but UDP does not?