A computer network is a system in which computers are connected to share information and resources. The connection can be done as peer-to-peer or client/server. This web site reviews the techniques you can use to set up and possibly manage a network for home or a small business.
Network Architecture
What can a network provide?
Logical interface function:
- sending messages
- receiving messages
- executing programs
- obtaining status information
- obtaining status information on other network users and their status
Basic Terminology
- Node
Single computing system in a network.
- Host
A single computing system's processor.
- Link
A connection between two hosts.
- Topology
The pattern of links in a network.
Network Topology
Bus Topology
Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.
Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") were both popular Ethernet cabling options for bus topologies many years ago. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a network bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.
Ring Topology
In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.
To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.
Star Topology
Many home networks use the star topology. A star network features a central connection point called a "hub" that may be a hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.
Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)
Mesh Topology
Mesh topologies involve the concept of routes. Unlike each of the previous topologies, messages sent on a mesh network can take any of several possible paths from source to destination. (Recall that even in a ring, although two cable paths exist, messages can only travel in one direction.) Some WANs, most notably the Internet, employ mesh routing.
A mesh network in which every device connects to every other is called a full mesh. As shown in the illustration below, partial mesh networks also exist in which some devices connect only indirectly to others.
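The failure claims made for each topology above (one cable takes down a ring, the hub is the single point of failure in a star, a mesh survives any single failure) can be checked mechanically. The following is an added example, not code from the original notes: it models each topology as a set of directed links and measures how many devices the worst single cable or device failure cuts off. The device names (d0.., "hub", "backbone") and the four-device size are constructed for the demonstration.

```python
# Added example, not from the original notes: model each topology as a set of
# directed links and measure how many devices a single cable or device failure
# cuts off. Device names (d0.., "hub", "backbone") and counts are constructed.
from collections import deque
from itertools import permutations


def bus(n):
    # Every device taps into one shared backbone, modelled here as a node.
    return {link for i in range(n)
            for link in (("backbone", f"d{i}"), (f"d{i}", "backbone"))}


def ring(n):
    # Messages travel in one direction only, so each cable is one directed link.
    return {(f"d{i}", f"d{(i + 1) % n}") for i in range(n)}


def star(n):
    return {link for i in range(n)
            for link in (("hub", f"d{i}"), (f"d{i}", "hub"))}


def full_mesh(n):
    # Every device has a direct cable to every other device (both directions).
    return set(permutations([f"d{i}" for i in range(n)], 2))


def reachable(links, start, alive):
    """Breadth-first search from one node over links whose endpoints survive."""
    seen, queue = {start}, deque([start])
    while queue:
        v = queue.popleft()
        for a, b in links:
            if a == v and b in alive and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen


def cut_off(links, alive):
    """Survivors outside the largest group that can still all talk to each other."""
    reach = {v: reachable(links, v, alive) for v in alive}
    groups = [{w for w in alive if w in reach[v] and v in reach[w]} for v in alive]
    largest = max(groups, key=len) if groups else set()
    return alive - largest


def worst_single_failure(links):
    """(devices cut off by the worst single cable failure, by the worst device failure)."""
    nodes = {v for link in links for v in link}
    cables = {}
    for a, b in links:                      # a cable carries both directions of a pair
        cables.setdefault(frozenset((a, b)), set()).add((a, b))
    worst_cable = max(len(cut_off(links - dead, nodes)) for dead in cables.values())
    worst_node = max(len(cut_off(links, nodes - {v})) for v in nodes)
    return worst_cable, worst_node


if __name__ == "__main__":
    for name, topo in (("bus", bus(4)), ("ring", ring(4)),
                       ("star", star(4)), ("full mesh", full_mesh(4))):
        print(f"{name:9s} worst cable/device failure cuts off: {worst_single_failure(topo)}")
```

With four devices the bus and star each lose one device to a cable failure but three to a backbone or hub failure, the ring loses everything to a single cable break because traffic is one-directional, and the full mesh loses nothing to any single failure.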
ISO Reference Model: Open Systems Interconnection (OSI)
- Describes computer network communications.
- Developed by the International Standards Organization (ISO).
- Consists of Seven Layers.
- The model describes peer-to-peer correspondence: the relationship between corresponding layers of sender and receiver.
- Each layer represents a different activity performed in the actual transmission of a message.
- Each layer serves a separate function.
- Equivalent layers perform similar functions for sender and receiver.
Layer Responsibility
Who can cause security problems?
- Hacker
- Spy
- Student
- Businessman
- Ex-employee
- Stockbroker
- Terrorist
Network security problem areas:
- Authentication - an attacker wants to pass as an authorized user, so this is what they aim at first.
- Secrecy - protecting data in the middle, between sender and receiver.
- Non-repudiation - deals with digital signatures.
- Integrity - ensures that only authorized users are allowed to change the data.
Disadvantages of computer networks
- Sharing.
- Complexity.
- Unknown parameters - there are a lot of points on the network that could be exploited to capture packets.
- Anonymity - on a big network, we don't even know who is at the other end. e.g. someone may hack the DNS server before taking over the website.
- Security exposure - privacy, data integrity, authenticity, covert channels, impersonation and eavesdropping.
Network Threats
- Denial of Service - DoS, DDoS
- Packet replay - capturing packets sent to an AP that uses WEP takes a lot of time, so packet replay is used to decoy the AP while sniffing packets, without changing the packets' content.
- Packet modification - capture and change the packet's content.
Network security controls
- Encryption
- Strong authentication
- IPSec, VPN, SSH
- Kerberos
- Firewall (acts as a roadblock)
- IDS (acts as a speed trap)
- IPS (acts as a grill)
- Honeypot
Encryption
1. Link to link
- covers layer 1 & 2 attacks
- use a layer 3 switch to prevent them
2. End to end
- use the application to encrypt the packets it sends
IPSec
- Authentication & encapsulation
- Works on layer 3
- Can only be decrypted on the receiver side
SSL
- Combination of symmetric (on the client host) and asymmetric (on the server) algorithms
Kerberos
- One server is used to provide authentication control, called the Kerberos server.
- A host needs to have a ticket before it is able to send a packet to any server; one authentication server is used to control the tickets.
- The ticket is unique, encrypted and has a lifetime; once the lifetime is over, the client must request a new one before it can communicate with the other server.
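The three ticket properties just listed (unique, protected so the client cannot forge it, valid only for a lifetime) are easiest to see in a small model. The following is an added example, not code from the original notes and not the real Kerberos protocol: a deliberately simplified authentication server that issues tickets, and a service that checks them. The service name, keys and timestamps are constructed, and an HMAC over the ticket body stands in for the encryption a real Kerberos KDC applies; there is no ticket-granting server or session key here.

```python
# Added example, not from the original notes and not the real Kerberos protocol:
# a deliberately simplified model of the ticket properties listed above (unique,
# protected by a key the client cannot forge, limited lifetime). Service names,
# keys and timestamps are constructed; HMAC stands in for the ticket encryption.
import hashlib
import hmac
import json
import secrets


class AuthServer:
    """Issues tickets; shares a long-term key with every service it vouches for."""

    def __init__(self, service_keys):
        self.service_keys = service_keys          # {service name: key bytes}

    def issue_ticket(self, client, service, now, lifetime=300):
        body = {
            "client": client,
            "service": service,
            "issued": now,
            "expires": now + lifetime,
            "nonce": secrets.token_hex(8),        # makes every ticket unique
        }
        raw = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self.service_keys[service], raw, hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Service:
    """Accepts a request only with a valid, unexpired ticket issued for this service."""

    def __init__(self, name, key):
        self.name, self.key = name, key

    def accept(self, ticket, now):
        raw = json.dumps(ticket["body"], sort_keys=True).encode()
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, ticket["tag"]):
            return "rejected: ticket was forged or altered"
        body = ticket["body"]
        if body["service"] != self.name:
            return "rejected: ticket issued for another service"
        if now >= body["expires"]:
            return "rejected: ticket expired, request a new one"
        return f"accepted: {body['client']}"


def demo():
    """Walk one client through issue, use, a tamper attempt and expiry."""
    key = secrets.token_bytes(32)
    kdc = AuthServer({"fileserver": key})
    fileserver = Service("fileserver", key)
    ticket = kdc.issue_ticket("alice", "fileserver", now=1000, lifetime=300)
    results = [fileserver.accept(ticket, now=1100)]
    forged = {"body": dict(ticket["body"], client="mallory"), "tag": ticket["tag"]}
    results.append(fileserver.accept(forged, now=1100))
    results.append(fileserver.accept(ticket, now=1300))   # lifetime is over
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The client never holds the service key, so it can carry the ticket but not change it; once `now` passes `expires`, the only way forward is a fresh ticket from the authentication server, which is exactly the behaviour described in the last bullet.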
Firewall
- Differentiates users by whether they are inside or outside the network.
- Basically, a hacker uses an alternative path or tunneling to get past the firewall.
- Once the hacker is already inside the network, the firewall can't do anything.
IDS
- Captures packets and compares them with the IDS rules that are installed and stored in a database. If a malicious packet is detected, an alert is sent to the admin so the admin can go to the firewall device to block that particular traffic.
- This depends on the attitude of the admin and the rules: the admin must update the rules constantly so they remain relevant.
IPS
- Scans the network, and if it detects a malicious packet, the IPS sends an alert to the access list on the firewall, and the firewall directly blocks that particular packet.
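The difference between the IDS and IPS bullets above is what happens after a rule matches: the IDS raises an alert and the packet still goes through until the admin blocks it by hand, while the IPS writes the deny entry to the firewall access list itself. The following is an added example, not code from the original notes: one small signature matcher run over constructed packet summaries in both modes. The rule contents, log format and addresses are all constructed for the demonstration.

```python
# Added example, not from the original notes: one signature matcher run in
# IDS mode (alert only, packet still forwarded) and in IPS mode (alert and add
# a deny entry to the firewall access list so the packet and later packets
# from that source are dropped). Rules, log format and addresses are constructed.

RULES = [
    {"name": "telnet to internal host", "match": {"dport": 23}},
    {"name": "known-bad payload marker", "match": {"payload_contains": "CONSTRUCTED-BAD-STRING"}},
]

LOG = [
    "src=10.0.0.5 dst=192.168.1.10 dport=23 payload=login",
    "src=10.0.0.7 dst=192.168.1.10 dport=80 payload=GET /index.html",
    "src=10.0.0.5 dst=192.168.1.10 dport=80 payload=GET /index.html",
    "src=10.0.0.9 dst=192.168.1.10 dport=80 payload=POST /upload CONSTRUCTED-BAD-STRING",
]


def parse(line):
    """Constructed format: key=value fields, payload last and may contain spaces."""
    fields = dict(part.split("=", 1) for part in line.split(" ", 3))
    fields["dport"] = int(fields["dport"])
    return fields


def matches(rule, pkt):
    for key, want in rule["match"].items():
        if key == "payload_contains":
            if want not in pkt.get("payload", ""):
                return False
        elif pkt.get(key) != want:
            return False
    return True


def run(lines, mode="ids"):
    """Return (alerts, forwarded lines, firewall deny entries) for the given mode."""
    access_list = set()        # deny entries on the firewall; only IPS writes here
    alerts, forwarded = [], []
    for line in lines:
        pkt = parse(line)
        if pkt["src"] in access_list:
            continue           # blocked by an earlier IPS decision
        hit = next((r for r in RULES if matches(r, pkt)), None)
        if hit:
            alerts.append((hit["name"], pkt["src"]))
            if mode == "ips":
                access_list.add(pkt["src"])
                continue       # dropped inline; the admin does nothing by hand
        forwarded.append(line)  # an IDS only alerts, the packet still goes through
    return alerts, forwarded, access_list


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded, denied = run(LOG, mode)
        print(f"{mode}: {len(alerts)} alerts, {len(forwarded)} forwarded, deny list {sorted(denied)}")
```

Both modes raise the same two alerts; only the IPS run ends with a non-empty deny list and with the later packet from the first offending source dropped as well, which is the "speed trap" versus "grill" distinction in the controls list.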
Hacking involves:
1. Reconnaissance – gain general info on target host
2. Scanning
3. Gaining access
4. Maintaining access
5. Covering tracks
How to?
- Find out initial information
Google, whois, nslookup
- Find out address range
ARIN
Traceroute
- Find active machine
- Find open port
Port scanners
Nmap
War dialers
- Figure out OS
Nmap
- Map Out Network
VisualRoute
Review Question ( Lab 5 )
1. Discuss the differences between the GET and POST methods for submitting variables in a web application. Which method is vulnerable to attack?
· The POST method can be used for sending large amounts of data. There is no limitation on the number of variables passed from the form. This is a transparent way of transmitting variables to the web server, where hidden variables are always hidden.
· The GET method can be used for small amounts of data.
2. List 2 configurations that can be made to the configuration file of an Apache web server so that it becomes more secure
· Permissions on the server directory
3. List 3 configuration settings that can be made to PHP so that it becomes more secure
· Disable register_globals and use E_STRICT to find uninitialized variables
· Ensure that all file and stream functions (stream_*) are carefully vetted
· Disable allow_url_fopen and allow_url_include in php.ini
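The PHP settings named in the answer above can be checked rather than remembered. The following is an added example, not code from the original notes: a small audit that reads a php.ini-style file and reports register_globals, allow_url_fopen and allow_url_include when they are on, and error_reporting when it lacks E_STRICT. The two sample ini texts are constructed; `audit_file()` can be pointed at a real php.ini. Keys that are absent fall back to PHP's own defaults (allow_url_fopen defaults to On, the other two to Off), and register_globals only matters on servers older than PHP 5.4, where it was removed.

```python
# Added example, not from the original notes: a small audit of a php.ini-style
# file for the settings named above. The sample ini text is constructed;
# point audit_file() at a real php.ini to check a server. PHP's own defaults
# are used for keys that are absent (allow_url_fopen defaults to On).

EXPECTED = {"register_globals": "off", "allow_url_fopen": "off", "allow_url_include": "off"}
PHP_DEFAULTS = {"register_globals": "off", "allow_url_fopen": "on", "allow_url_include": "off"}


def parse_ini(text):
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment in php.ini
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def as_flag(value):
    return "on" if value.strip().lower() in ("1", "on", "true", "yes") else "off"


def audit(text):
    """Return a list of findings; an empty list means all checked settings are fine."""
    s = parse_ini(text)
    findings = []
    for key, want in EXPECTED.items():
        got = as_flag(s.get(key, PHP_DEFAULTS[key]))
        if got != want:
            findings.append(f"{key} is {got.title()} (set it to {want.title()})")
    level = s.get("error_reporting", "")
    # E_ALL includes E_STRICT from PHP 5.4 on; older servers must name E_STRICT explicitly.
    if "E_STRICT" not in level and "E_ALL" not in level:
        findings.append("error_reporting does not include E_STRICT")
    return findings


def audit_file(path):
    with open(path, encoding="utf-8", errors="replace") as f:
        return audit(f.read())


WEAK_INI = """\
[PHP]
; constructed sample with the risky settings
register_globals = On
allow_url_fopen = On
error_reporting = E_ERROR | E_WARNING
"""

HARDENED_INI = """\
[PHP]
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
error_reporting = E_ALL | E_STRICT
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK_INI))
    print("hardened:", audit(HARDENED_INI))
```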
4. List 3 prevention measures that can be taken to overcome the Insecure Direct Object Reference and Cross-Site Request Forgery vulnerabilities.
· Input validation. Every input supplied to a system must be validated before it is sent to be processed by the server; this includes the data, length, type, syntax and business rules. It is better to reject any false data supplied to the system rather than suggesting or
· Strong output encoding. Ensure that all user-supplied data is appropriately entity encoded (either HTML or XML depending on the output mechanism) before rendering, taking the approach of encoding all characters other than a very limited subset. Specify the output encoding; do not allow the attacker to choose this for your users. Do not use "blacklist" validation: do not just replace script characters such as "<", ">", "script" or "", there are some XSS payloads that can still bypass a blacklist.
· Validation. Watch out for canonicalization errors. Inputs must be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass white list schemes by introducing dangerous inputs after they have been checked.
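The three practices in the answer above (allowlist validation of input, entity encoding of output, and canonicalizing exactly once before validating) fit in a few functions. The following is an added example, not code from the original notes: the field name, allowlist pattern and sample inputs are constructed, and `html.escape` and `urllib.parse.unquote` are Python standard-library functions. The last function reproduces the canonicalization error the answer warns about, so its result can be compared with the correct order of operations.

```python
# Added example, not from the original notes: the practices above as code.
# Field name, allowlist pattern and sample inputs are constructed; html.escape
# and urllib.parse.unquote are Python standard-library functions.
import html
import re
from urllib.parse import unquote

USERNAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # allowlist of what is valid, not a blacklist


def validate_username(raw):
    """Canonicalise exactly once (URL-decode), then validate the canonical form."""
    canonical = unquote(raw)
    return canonical if USERNAME.fullmatch(canonical) else None


def render_greeting(name):
    """Entity-encode everything user-supplied before it is placed into HTML."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def handle_request(raw_username):
    """Reject invalid input outright instead of trying to clean it up."""
    name = validate_username(raw_username)
    if name is None:
        return "<p>Invalid username</p>"
    return render_greeting(name)


def blacklist_then_decode(raw):
    """The canonicalization error the answer warns about: the '<' check runs on the
    still-encoded input, and the value is decoded again later in the pipeline."""
    if "<" in raw or ">" in raw:
        return None
    return unquote(unquote(raw))    # second decode after the check undoes it


if __name__ == "__main__":
    for sample in ("alice_01", "%3Cb%3Ehi", "%253Cb%253E"):
        print(repr(sample), "->", handle_request(sample), "| blacklist path:",
              repr(blacklist_then_decode(sample)))
```

A doubly encoded `%253C` passes the blacklist check because the raw text contains no `<`, and only becomes `<` after the second decode; the allowlist path decodes once and rejects the value because `%` is not in the allowed set, so nothing needs to be cleaned up afterwards.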
5. Do the exercise under Improper Error Handling | Fail Open Authentication Scheme. What is the vulnerability found in this exercise, and can you prevent it from happening?
- Code injection. Prevention:
Input validation
Escaping dangerous characters. For instance, in PHP, using the htmlentities() function to protect general inputs into your web application, and mysql_real_escape_string() to protect inputs that will be included in an SQL query, to protect against SQL injection.
Input encoding
Output encoding
Other coding practices that are not prone to code injection vulnerabilities, such as "parameterized SQL queries" (also known as "prepared statements" and sometimes "bind variables").
Modular shell disassociation from kernel
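The last prevention in the answer to question 5, parameterized queries, is clearest when the safe form sits next to the string-building form it replaces. The following is an added example, not code from the original notes: Python's `sqlite3` module stands in for PHP and MySQL, the `users` table and its two rows are constructed, and passwords are kept in clear only to keep the demonstration short (a real application stores a password hash).

```python
# Added example, not from the original notes: the "parameterized query" practice
# shown next to the string-building code it replaces. Python's sqlite3 stands in
# for PHP/MySQL; the table and rows are constructed. Passwords are stored in
# clear only to keep the demo short; a real application stores a password hash.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_concatenated(conn, name, password):
    """Vulnerable: the user's input is pasted into the SQL text itself."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Safe: bind variables travel as data, so quotes in the input stay data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Run both login functions with a correct password and with a crafted one."""
    conn = make_db()
    crafted = "x' OR '1'='1"     # a quote that closes the literal early
    return {
        "concatenated, good password": login_concatenated(conn, "alice", "s3cret"),
        "concatenated, crafted password": login_concatenated(conn, "alice", crafted),
        "parameterized, good password": login_parameterized(conn, "alice", "s3cret"),
        "parameterized, crafted password": login_parameterized(conn, "alice", crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query the crafted password turns the WHERE clause into `... AND password = 'x' OR '1'='1'`, which matches every row; the parameterized query compares the whole string, quotes included, against the stored password and returns nothing, which is why prepared statements are listed as the practice to prefer over escaping by hand.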