
Chapter 1 Network Security Overview

Copyright © 2013 Huawei Technologies Co., Ltd. All rights reserved.

www.huawei.com


Objectives

Upon completion of this course, you will be able to understand:

- OSI model
- TCP/IP principles
- TCP/IP security issues
- Common attack means for TCP/IP
Agenda

1. TCP/IP Introduction
2. TCP/IP Security Issues
3. Common Network Attacks

OSI Model Introduction

- Purposes
- Design principles
- Strengths

Introduction to the Seven Layers of the OSI Model

Layer               | No. | Function                                       | PDU
Application layer   | 7   | Providing inter-application communication      | APDU
Presentation layer  | 6   | Processing data formats and data encryption    | PPDU
Session layer       | 5   | Setting up, maintaining, and managing sessions | SPDU
Transport layer     | 4   | Establishing E2E connections between hosts     | Segment
Network layer       | 3   | Addressing and routing                         | Packet
Data link layer     | 2   | Providing medium access and link management    | Frame
Physical layer      | 1   | Transmitting bit streams                       | Bit

Layers 5 to 7 are the upper layers; layers 1 to 4 are the lower layers.

Communication Between Peer Layers

Each layer communicates with its peer layer using the service provided by the lower layer.

Figure: Host A and Host B each run the seven layers (Application, Presentation, Session, Transport, Network, Data link, Physical); the peer layers exchange APDUs, PPDUs, SPDUs, segments, packets, frames and bits respectively.

Procedure for Processing Network Data Streams

Figure: the end hosts run all seven layers; Router A, Router B and Router C on the path between them process only the network, data link and physical layers.

Mapping Between the TCP/IP Model and OSI Model

The TCP/IP model has fewer layers, and each of them maps clearly onto OSI layers:

OSI model                                            | TCP/IP model
Application layer, Presentation layer, Session layer | Application layer
Transport layer                                      | Transport layer
Network layer                                        | Network layer
Data link layer, Physical layer                      | Data link layer

Encapsulation and Decapsulation Processes of TCP/IP Packets

The sender encapsulates from the top down, each layer prepending its own header; the recipient decapsulates from the bottom up, each layer stripping one header.

Application layer: APP DATA
Transport layer:   TCP | APP DATA
Network layer:     IP | TCP | APP DATA
Data link layer:   Eth | IP | TCP | APP DATA
Physical medium:   10101011010101001010100011101010010 ...

Functions of Each TCP/IP Layer

Layer             | Protocols                       | Function
Application layer |                                 | Providing a network interface for applications
Transport layer   | TCP/UDP                         | Establishing E2E connections
Network layer     | IP (with ICMP, IGMP, ARP, RARP) | Addressing and routing
Data link layer   | Ethernet, 802.3, PPP, HDLC, FR  | Accessing physical media

Socket

Application protocol | Transport protocol | Well-known port
HTTP                 | TCP                | 80
FTP                  | TCP                | 20/21
Telnet               | TCP                | 23
SMTP                 | TCP                | 25
DNS                  | TCP and UDP        | 53
TFTP                 | UDP                | 69
SNMP                 | UDP                | 161

All of these are carried in IP data packets.

Source socket: source IP address + protocol + source port
Destination socket: destination IP address + protocol + destination port

Data Link Layer Protocol

Ethernet protocol encapsulation:

Field  | Destination address | Source address | Type    | Data          | CRC
Length | 6 bytes             | 6 bytes        | 2 bytes | 46-1500 bytes | 4 bytes

Type field values:

- Type 0x0800: indicates IP.
- Type 0x0806: indicates ARP.
- Type 0x8035: indicates RARP.

Network Layer Protocol

IP header format (bit positions 0, 4, 8, 16, 19 and 31 mark the field boundaries):

Version (4 bits) | Header length (4 bits) | Type of service (8 bits) | Total length (16 bits)
Identifier (16 bits) | Flag (3 bits) | Fragment offset (13 bits)
TTL (8 bits) | Protocol (8 bits) | Header checksum (16 bits)
Source IP address (32 bits)
Destination IP address (32 bits)
IP option | Padding

Transport Layer Protocol

UDP packet format (bit positions 0, 16 and 31):

Source port (16 bits) | Destination port (16 bits)
UDP length (16 bits)  | UDP checksum (16 bits, optional in IPv4)
Data

TCP packet format (bit positions 0, 8, 16, 24 and 31):

Source port (16 bits) | Destination port (16 bits)
SN: sequence number (32 bits)
Acknowledgement number (32 bits)
Data offset (4 bits) | Reserved (6 bits) | Flags: URG, ACK, PSH, RST, SYN, FIN (6 bits) | Window size (16 bits)
TCP checksum (16 bits) | Urgent pointer (16 bits)
Option
Data
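The encapsulation, Ethernet, IP and TCP header slides above can be exercised with the following added example (not part of the Huawei course material): it builds an Ethernet/IPv4/TCP frame around a payload exactly as the sender's stack would, then decapsulates it layer by layer, checking the EtherType, the IP header length and checksum, the protocol number, the TCP checksum and the flag bits. The MAC and IP addresses, ports and payload are constructed for the example; the socket tuples in the result are the "IP address + protocol + port" pairs of the Socket slide.

```python
# Added example, not part of the Huawei course material: encapsulate APP DATA
# into TCP, IP and Ethernet headers, then decapsulate the frame and check the
# fields the slides describe. MACs, IPs, ports and the payload are constructed.
import socket
import struct

ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0800, 0x0806, 0x8035
IPPROTO_TCP = 6
TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def inet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, payload):
    """Sender side: APP DATA -> TCP segment -> IP packet -> Ethernet frame."""
    src4, dst4 = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4,           # data offset: 5 x 32-bit words, no options
                      flags, 65535,     # flag bits, window size
                      0, 0)             # checksum (filled in below), urgent pointer
    pseudo = src4 + dst4 + struct.pack("!BBH", 0, IPPROTO_TCP, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45,                          # version 4, header length 5 words
                     0,                             # type of service
                     20 + len(tcp) + len(payload),  # total length
                     0x1234, 0x4000,                # identifier; flags = DF, offset 0
                     64, IPPROTO_TCP,               # TTL, protocol
                     0, src4, dst4)                 # header checksum (filled in below)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IP)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Recipient side: strip Ethernet, IP and TCP headers, verifying each layer."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IP:
        raise ValueError("EtherType 0x%04x is not IP" % ethertype)
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _chk, src4, dst4 = \
        struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    # A correct header sums to zero when the checksum field is included.
    if ver_ihl >> 4 != 4 or inet_checksum(frame[14:14 + ihl]) != 0:
        raise ValueError("bad IP version or header checksum")
    if proto != IPPROTO_TCP:
        raise ValueError("IP protocol %d is not TCP" % proto)
    tcp_start, ip_end = 14 + ihl, 14 + total_len
    pseudo = src4 + dst4 + struct.pack("!BBH", 0, IPPROTO_TCP, ip_end - tcp_start)
    if inet_checksum(pseudo + frame[tcp_start:ip_end]) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, seq, ack, offset, flags, window, _tchk, _urg = \
        struct.unpack("!HHIIBBHHH", frame[tcp_start:tcp_start + 20])
    payload = frame[tcp_start + (offset >> 4) * 4:ip_end]
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(src4), "dst_ip": socket.inet_ntoa(dst4), "ttl": ttl,
        "flags": [name for bit, name in sorted(TCP_FLAG_BITS.items()) if flags & bit],
        "seq": seq, "ack": ack, "window": window,
        # the socket pair of the Socket slide: IP address + protocol + port
        "src_socket": (socket.inet_ntoa(src4), "tcp", sport),
        "dst_socket": (socket.inet_ntoa(dst4), "tcp", dport),
        "payload": payload,
    }


if __name__ == "__main__":
    frame = build_frame("f0:de:f1:33:7f:da", "00:11:22:33:44:55", "192.168.0.1",
                        "192.168.0.6", 40000, 80, 11001, 0, 0x02, b"")
    print(parse_frame(frame))
```

The checks are the ones a receiving stack performs before it trusts a header: flipping a single byte of the destination address makes the header checksum fail, and a frame with EtherType 0x0806 is rejected as ARP rather than parsed as IP. Note that nothing in these checks authenticates the addresses themselves, which is the point the security section returns to.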

Establishing a TCP Connection

Three-way handshake between client and server:

1. Client -> Server: SYN, carrying the client's initial sequence number.
2. Server -> Client: SYN+ACK, carrying the server's initial sequence number and acknowledging the client's.
3. Client -> Server: ACK, acknowledging the server's sequence number. The connection is established.

Closing a TCP Connection

Four-way handshake. The side that proactively cuts off the connection sends FIN first; the other side passively cuts off the connection:

1. Active side: FIN
2. Passive side: ACK
3. Passive side: FIN (once its own remaining data has been sent)
4. Active side: ACK
2. TCP/IP Security Issues

TCP/IP Security Risks

1. Lacking a data source authentication mechanism
2. Lacking an integrity check mechanism
3. Lacking a confidentiality guarantee mechanism

TCP/IP Common Security Risks

Application layer | Vulnerabilities, buffer overflow attacks, Web application attacks, viruses and Trojans ...
Transport layer   | TCP spoofing, SYN flood, UDP flood, port scanning
Network layer     | IP spoofing, Smurf attacks, ICMP flood attacks, IP sweep ...
Data link layer   | MAC spoofing, MAC flooding, ARP spoofing ...
Physical layer    | Equipment damage, network interception

Equipment Damage

Damage of physical devices: direct damage to physical network facilities, such as server infrastructure and network transmission and communication facilities. Equipment damage attacks mainly aim to disrupt network services.

Defense against equipment damage mainly relies on non-technical factors, such as constructing a solid equipment room and formulating strict security management regulations.

Network Interception

Physical-layer devices that expose every frame to an interceptor:

- Hub
- Repeater
- Wireless network

Defense:

- Replace hubs and repeaters with switches, which forward a unicast frame only to the port where its destination MAC address was learned. This defeats passive sniffing but not the MAC flooding and ARP spoofing attacks described below.
- On wireless networks, use strong authentication and encryption mechanisms.

MAC Spoofing Attack

MAC spoofing is a very simple attack: the attacker changes its own MAC address to the address of a trusted system.

Figure: the trusted host F0-DE-F1-33-7F-DA is attached to switch port E0; an impostor on port E1 announces "I am also F0-DE-F1-33-7F-DA".

Defense: configure static entries on the switch, binding each MAC address to a specific port.

MAC Flooding Attack

MAC flooding attacks utilize:

- The MAC address learning mechanism of switches
- The limit on the number of MAC entries
- The switch forwarding mechanism

The attacker sends frames with a large number of forged source MAC addresses. Once the MAC table is full, the switch can no longer learn new stations and floods unicast frames addressed to them out of all ports, so the attacker receives traffic that a switch would otherwise never deliver to its port.

Defense:

- Configure static MAC entries.
- Configure a limit for the number of MAC entries on the port.
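The MAC spoofing and MAC flooding slides above, and both of their defenses, can be reproduced with the following added example (it is not part of the Huawei course material): a toy learning switch with a bounded MAC table. An attacker on one port floods forged source addresses until the table is full, after which a victim-to-server unicast frame is flooded to the attacker's port; a static MAC-to-port binding rejects the impostor of the MAC spoofing slide, and a per-port limit on learned addresses stops the flood. Port names, MAC addresses and the table size are constructed.

```python
# Added example, not from the Huawei course: a toy learning switch that shows why
# MAC flooding lets the attacker sniff, and how the two defenses on the MAC
# spoofing and MAC flooding slides (static MAC-to-port bindings, a per-port limit
# on learned MACs) stop it. Ports, MACs and the table size are constructed.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports, table_size, per_port_limit=None, static=None):
        self.ports = list(ports)
        self.table_size = table_size            # capacity of the MAC (CAM) table
        self.per_port_limit = per_port_limit    # max dynamically learned MACs per port
        self.table = dict(static or {})         # mac -> port
        self.static = set(static or {})         # MACs bound to a port by configuration
        self.learned_on = defaultdict(set)      # port -> dynamically learned MACs
        self.dropped = 0                        # frames refused by port security

    def forward(self, in_port, src, dst):
        """Switch one frame; return the set of ports it is sent out of."""
        if src in self.static:
            if self.table[src] != in_port:      # MAC spoofing from the wrong port
                self.dropped += 1
                return set()
        elif src not in self.table:
            limit = self.per_port_limit
            if limit is not None and len(self.learned_on[in_port]) >= limit:
                self.dropped += 1               # port security violation
                return set()
            if len(self.table) < self.table_size:
                self.table[src] = in_port       # source address learning
                self.learned_on[in_port].add(src)
            # table full: the frame is still forwarded, but src is not learned
        if dst in self.table:
            return {self.table[dst]}            # known unicast: exactly one port
        return {p for p in self.ports if p != in_port}   # unknown or broadcast: flood


def fake_mac(i):
    """Deterministic, unique, locally administered MAC for flood frame number i."""
    return "02:00:%02x:%02x:%02x:%02x" % ((i >> 24) & 0xFF, (i >> 16) & 0xFF,
                                         (i >> 8) & 0xFF, i & 0xFF)


def attacker_sees_unicast(switch, attacker_port, victim_port, server_port, flood_frames):
    """The attacker floods forged source MACs; then the victim sends the server a
    unicast frame. Returns True if that unicast is copied to the attacker's port."""
    for i in range(flood_frames):
        switch.forward(attacker_port, fake_mac(i), BROADCAST)
    victim, server = "00:00:00:00:00:01", "00:00:00:00:00:02"
    switch.forward(server_port, server, BROADCAST)       # server announces itself
    return attacker_port in switch.forward(victim_port, victim, server)


if __name__ == "__main__":
    ports = ["E0", "E1", "E2", "E3"]
    print("open switch, attacker sees unicast:",
          attacker_sees_unicast(Switch(ports, 1024), "E1", "E2", "E3", 1100))
    print("port limit of 2, attacker sees unicast:",
          attacker_sees_unicast(Switch(ports, 1024, per_port_limit=2), "E1", "E2", "E3", 1100))
```

On the open switch the server's address is never learned because the table is already full of forged entries, so the victim's frame is flooded like a broadcast. With a per-port limit of two learned addresses the attacker's remaining frames are dropped as violations, the server is learned normally and the unicast reaches only the server's port. Real switches age dynamic entries out, which a patient attacker counters by flooding continuously.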

ARP Spoofing Attack

Normal ARP exchange, when A needs to communicate with B:

1. A sends an ARP request to ask for the MAC address of B.
2. B sends an ARP reply to notify A of its MAC address.

ARP has no authentication: A caches whatever reply it receives for B's IP address. A hacker on the same segment can therefore answer A's request with its own MAC address, or send unsolicited replies, so that A delivers B's traffic to the hacker.
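Because ARP itself cannot be fixed, the practical defense on the wire is to watch it. The following added example (not part of the Huawei course material) is a passive ARP monitor of the kind an IDS runs on a segment: it builds an IP-to-MAC table from the replies it sees and raises an alert for a reply that no request asked for, a reply that changes a known binding, or a reply that contradicts a static entry. The ARP records, addresses and alert texts are constructed for the example.

```python
# Added example, not from the Huawei course: a passive ARP monitor of the kind an
# IDS runs on a LAN segment. It builds an IP-to-MAC table from the replies it
# sees and alerts on a reply that no request asked for, that changes a known
# binding, or that contradicts a static entry. The ARP records are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Arp:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


class ArpMonitor:
    def __init__(self, static=None):
        self.table = dict(static or {})   # ip -> mac, as learned from replies
        self.static = set(static or {})   # ips whose MAC must never change
        self.requested = set()            # ips that some host has asked for
        self.alerts = []

    def observe(self, pkt):
        """Feed one ARP packet; return an alert string, or None if it looks normal."""
        if pkt.op == "request":
            self.requested.add(pkt.target_ip)
            return None
        ip, mac = pkt.sender_ip, pkt.sender_mac
        known = self.table.get(ip)
        if ip in self.static and known != mac:
            alert = "reply for static %s from wrong MAC %s" % (ip, mac)
        elif ip not in self.requested:
            alert = "unsolicited reply: %s is-at %s" % (ip, mac)
        elif known is not None and known != mac:
            alert = "binding for %s changed from %s to %s" % (ip, known, mac)
        else:
            alert = None
        if alert:
            self.alerts.append(alert)      # suspicious reply: do not update the table
            return alert
        self.table[ip] = mac
        return None


def replay(monitor, packets):
    """Run a capture through the monitor and return the alerts it raised."""
    return [a for a in (monitor.observe(p) for p in packets) if a]


# Constructed capture matching the slide: A asks for B, B answers, and the
# hacker also answers for B's address with its own MAC.
A, B = "10.0.0.1", "10.0.0.2"
MAC_A, MAC_B, MAC_H = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "de:ad:be:ef:00:01"
CAPTURE = [
    Arp("request", A, MAC_A, B),
    Arp("reply", B, MAC_B, A),
    Arp("reply", B, MAC_H, A),      # spoofed: B's IP address, the hacker's MAC
]

if __name__ == "__main__":
    for line in replay(ArpMonitor(), CAPTURE):
        print("ALERT", line)
```

The monitor cannot tell which of two competing replies is genuine; if the hacker answers first, the real host's reply is the one reported as a change. Either way an alert fires, and a static entry for critical addresses such as the default gateway removes the ambiguity. Gratuitous ARP sent by hosts at boot is a legitimate source of "unsolicited" alerts to allow for.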

IP Spoofing Attack

Figure: A (192.168.0.1) sends a request to B (192.168.0.6); a sniffer claiming to be 192.168.0.1 sniffs the request and sends a spoofed reply, while A is made paralyzed so that it cannot respond.

Why is an IP address easily spoofed?

- Trust relationships between hosts are built on IP addresses, and IP does not authenticate the source address of a packet.
- Attackers can forge legitimate IP addresses to obtain confidential information.

Smurf Attack

The attacker controls the host 192.168.1.2 and makes it send an ICMP echo request with src = 128.100.100.2 (the victim's address) and dest = 192.168.1.255 (the directed broadcast address). Every host on the segment (192.168.1.1, 192.168.1.3, 192.168.1.4, 192.168.1.5) sends an ICMP echo reply to the victim 128.100.100.2, which is flooded with replies it never asked for.

ICMP Redirect Packet and Unreachable Packet Attack

Figure: the attacker controls the hosts 192.168.1.2 and 192.168.1.5.

- Host 192.168.1.2 floods ICMP destination unreachable messages to 192.168.1.x with src = 128.100.100.2. Hosts 192.168.1.3 and 192.168.1.1 conclude that the victim 128.100.100.2 cannot receive their packets ("Why can't I receive the packet?").
- Host 192.168.1.5 sends many ICMP redirect messages to 192.168.1.4, which changes its route accordingly, so the gateway no longer receives its packets.

IP Sweep Attack

An attacker uses ICMP packets or TCP/UDP packets to initiate connections to certain IP addresses. By checking whether there are response packets, the attacker can determine which target systems are alive and connected to the target network.

Figure: the attacker probes 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4 and 192.168.1.5 in turn.

TCP Spoofing Attack

Figure: Host A trusts Host B; Host C is the attacker.

1. C launches denial of service attacks against B so that B cannot respond.
2. C sends A a SYN (SEQ 11001) in a packet from C to A, observes A's SYN+ACK (SEQ 54002), and learns how A chooses its sequence numbers.
3. C sends A a SYN in a spoofed packet from B to A. A's SYN+ACK goes to B, which cannot answer.
4. C completes the handshake with a spoofed ACK from B to A (ACK 54003 in the figure) carrying the sequence number it predicted, and obtains an unauthorized connection that A believes comes from the trusted host B.

The attack depends on A's initial sequence numbers being predictable; stacks that randomize them leave the attacker guessing blind.
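The three-way handshake of the "Establishing a TCP Connection" slide and the sequence-number guessing of the TCP spoofing slide above are shown together in the following added example, which is not part of the Huawei course material. A toy listener answers SYNs and accepts the final ACK only when its acknowledgement number is the listener's ISN plus one; the attack function probes the listener once from the attacker's own address, then completes a handshake in the trusted host's name without ever seeing the SYN+ACK. The addresses, the ISN generators and the 64000 step are constructed assumptions.

```python
# Added example, not from the Huawei course: a toy model of the three-way
# handshake (the "Establishing a TCP Connection" slide) and of the initial
# sequence number guessing that the TCP spoofing attack above relies on.
# Addresses, ISN generators and the step size are constructed assumptions.
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset
    seq: int = 0
    ack: int = 0


SYN, ACK, SYNACK, RST = (frozenset({"SYN"}), frozenset({"ACK"}),
                         frozenset({"SYN", "ACK"}), frozenset({"RST"}))


class Listener:
    """The passive side (Host A): answers SYN with SYN/ACK, checks the final ACK."""

    def __init__(self, addr, next_isn):
        self.addr = addr
        self.next_isn = next_isn        # callable giving our ISN for each new SYN
        self.half_open = {}             # peer -> (our ISN, next expected peer seq)
        self.established = set()        # peers that completed the handshake

    def receive(self, seg):
        """Process one segment and return the reply, or None if nothing is sent."""
        if seg.dst != self.addr:
            return None
        if seg.flags == SYN:                                # step 1: SYN
            isn = self.next_isn()
            self.half_open[seg.src] = (isn, seg.seq + 1)
            return Segment(self.addr, seg.src, SYNACK, isn, seg.seq + 1)   # step 2
        if seg.flags == ACK and seg.src in self.half_open:  # step 3: ACK
            isn, rcv_nxt = self.half_open.pop(seg.src)
            if seg.ack == isn + 1 and seg.seq == rcv_nxt:
                self.established.add(seg.src)
                return None
            return Segment(self.addr, seg.src, RST, seq=seg.ack)  # bad ACK: reset
        return None


def sequential_isn(start=11001, step=64000):
    """Predictable ISN generator in the style of old stacks: a fixed step per SYN."""
    state = [start - step]

    def nxt():
        state[0] += step
        return state[0]
    return nxt


def random_isn():
    """What current stacks do: an unpredictable 32-bit ISN per connection."""
    return lambda: random.getrandbits(32)


def spoof_connection(a, trusted_b, attacker_c, assumed_step=64000):
    """C opens a connection to A that A believes came from B.

    B is assumed silenced by C's denial of service, so the SYN/ACK that A sends
    to B is never answered with a RST. Returns True if A ends up with an
    established connection for B's address.
    """
    # 1. Honest probe from C's own address: learn A's current ISN.
    synack = a.receive(Segment(attacker_c, a.addr, SYN, seq=1000))
    a.receive(Segment(attacker_c, a.addr, ACK, seq=1001, ack=synack.seq + 1))
    # 2. SYN with B's source address; A's SYN/ACK goes to B and C never sees it.
    a.receive(Segment(trusted_b, a.addr, SYN, seq=5000))
    # 3. Guess A's ISN for the spoofed connection and complete the handshake blind.
    guess = (synack.seq + assumed_step) & 0xFFFFFFFF
    reply = a.receive(Segment(trusted_b, a.addr, ACK, seq=5001, ack=guess + 1))
    return reply is None and trusted_b in a.established


if __name__ == "__main__":
    print("predictable ISN, spoof succeeds:", spoof_connection(Listener("A", sequential_isn()), "B", "C"))
    print("random ISN, spoof succeeds:", spoof_connection(Listener("A", random_isn()), "B", "C"))
```

With the sequential generator the guess is exact and A records an established connection from B that B never opened. With random ISNs the same blind ACK has one chance in 2^32 of matching and is answered with a RST, which is why ISN randomization, together with not building trust on source addresses at all, closed this attack.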

SYN Flood Attack

The SYN packet is the first packet in a TCP connection. The attacker sends a large number of SYN packets to the server and never completes the handshakes, so lots of half-open connections are established on the attacked host, exhausting its resources.

UDP Flood Attack

The attacker sends a large number of UDP packets to the server to occupy its bandwidth. As a result, the server is overloaded and cannot provide services for external users.

Port Scanning Attack

Port scanning attacks generally use port scanning software to initiate connections to a series of TCP or UDP ports on a wide range of hosts. According to the response packets, the attacker can determine whether hosts are providing services through these ports.
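The IP sweep, SYN flood and port scanning slides above describe three traffic patterns that a firewall or flow collector can pick out with simple counting. The following added example (not part of the Huawei course material) runs three threshold detectors over a constructed list of per-flow records: one source reaching many hosts, one source touching many ports on one host, and many SYNs to one service of which almost none complete. The record fields, thresholds and addresses are assumptions made for the example.

```python
# Added example, not from the Huawei course: threshold detectors for the IP sweep,
# SYN flood and port scanning patterns described on the preceding slides, run over
# a constructed list of per-flow records such as a firewall or NetFlow collector
# exports. The record fields, thresholds and addresses are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str          # "icmp", "tcp" or "udp"
    dport: int = 0      # 0 for ICMP
    flags: str = ""     # union of TCP flags seen in the flow: "S" = SYN only


def detect_ip_sweep(flows, min_hosts=8):
    """One source contacting many destination hosts (ICMP echo or any TCP/UDP)."""
    hosts = defaultdict(set)
    for f in flows:
        hosts[f.src].add(f.dst)
    return {src for src, seen in hosts.items() if len(seen) >= min_hosts}


def detect_port_scan(flows, min_ports=10):
    """One source touching many distinct ports on a single destination."""
    ports = defaultdict(set)
    for f in flows:
        if f.proto in ("tcp", "udp"):
            ports[(f.src, f.dst)].add((f.proto, f.dport))
    return {pair for pair, seen in ports.items() if len(seen) >= min_ports}


def detect_syn_flood(flows, min_syns=50, max_completion=0.2):
    """Many SYNs to one dst:port, few of which ever carry an ACK (half-open)."""
    counts = defaultdict(lambda: [0, 0])       # (dst, dport) -> [syns, completed]
    for f in flows:
        if f.proto == "tcp" and "S" in f.flags:
            c = counts[(f.dst, f.dport)]
            c[0] += 1
            c[1] += 1 if "A" in f.flags else 0
    return {svc for svc, (syns, done) in counts.items()
            if syns >= min_syns and done / syns <= max_completion}


def sample_flows():
    """Constructed traffic: a little normal web traffic plus the three attacks."""
    flows = [Flow("10.0.0.%d" % (10 + i), "192.168.1.1", "tcp", 80, "SA") for i in range(5)]
    flows += [Flow("172.16.0.9", "192.168.1.%d" % h, "icmp") for h in range(1, 21)]           # sweep
    flows += [Flow("172.16.0.7", "192.168.1.1", "tcp", p, "S") for p in range(1, 101)]         # scan
    flows += [Flow("203.0.113.%d" % (i + 1), "192.168.1.1", "tcp", 80, "S") for i in range(200)]  # flood
    return flows


def report(flows):
    """Run all three detectors and return their findings by name."""
    return {"ip_sweep": detect_ip_sweep(flows),
            "port_scan": detect_port_scan(flows),
            "syn_flood": detect_syn_flood(flows)}


if __name__ == "__main__":
    for name, hits in report(sample_flows()).items():
        print(name, sorted(hits))
```

The SYN flood detector keys on the destination rather than the source because flood sources are spoofed and never repeat; the sweep and scan detectors key on the source because reconnaissance has to come from somewhere the attacker can receive answers. Thresholds have to be tuned per network, and a slow scan spread over hours will stay under any fixed per-window count.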

Buffer Overflow Attack

- The most common of all attacks on software systems
- Can be launched locally or remotely
- Exploits loopholes in software systems of every kind, including operating systems, network services, and application software, to run attack code
- The vulnerabilities are specific to the operating system and architecture, and the attacker needs a high level of knowledge and skill

Figure: process memory layout with stack, data and code regions.

Web Application Attack

Common attacks:

Targeting clients:
- Web pages that contain malicious code, exploitation of browser vulnerabilities, threats to the local system

Targeting servers:
- Exploiting loopholes in Apache / IIS
- Exploiting loopholes in the CGI implementation language (PHP / ASP / Perl) and in the implementation process
- Database intrusion using the Web server
3. Common Network Attacks

Passive Attack

Figure: Host A and Host B communicate across the Internet; an attacker monitors the traffic ("I need to obtain confidential information.").

Active Attack

Figure: Host A attacks the service resources of an enterprise across the Internet with spoofing attacks, falsification attacks and DoS attacks. In the packet sent, the packet header is the spoofed part and the data payload is the falsified part.

Man-in-the-Middle Attack

Figure: the attacker sits between Host A and Host B on the Internet. Falsifying information is the active attack; stealing information is the passive attack.
Summary

- OSI model
- TCP/IP principles
- TCP/IP security issues
- Common attack means
Questions

- Why is ARP spoofing easily initiated?
- How are IP spoofing attacks initiated?
- What is the difference between TCP and UDP?
- Why does TCP have a header length field, but UDP does not?
- Why does TCP connection establishment require a three-way handshake, but disconnection a four-way handshake?

Thank you

www.huawei.com
