
Network Security

The document discusses various topics related to network and cyber security including: 1. The OSI model vs TCP model for networking. 2. The CIA triad of cybersecurity - confidentiality, integrity, and availability. 3. Authentication, authorization, and accounting (AAA) principles. 4. Basic terminology used in hacking like vulnerabilities, threats, risks, and countermeasures. 5. Types of hackers and different types of penetration testing. 6. An overview of the HTTP protocol including requests, responses, headers, status codes, and methods. 7. Cryptography basics around encryption, decryption, symmetric and asymmetric algorithms.

Uploaded by

ct pentest

OSI Model Vs TCP Model


Cyber Security – CIA Triad

• Confidentiality: The state of being secret
• Integrity: No unauthorized modification
• Availability: Available whenever required
AAA Principle

• Authentication: Validate who the user is?
  The online banking web site asks for a valid userid and password before granting access in the system.
• Authorization: What a user can do?
  After getting access to the online banking web site, user can view account details of his savings account only.
• Accounting: What user has done?
  The bank keeps an audit trail of all the actions which the user performed during his stay with the system.
Basic Terminology of Hacking

• Vulnerability: Weakness/Loophole in a system which allows threat.
• Threat: Take advantage of vulnerability to hack a system.
• Risk: The potential loss caused due to threat.
• Risk = Vulnerability X Threat
• Vulnerability Assessment: The process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem.
• Penetration Testing: An authorized simulated attack performed on a computer system to evaluate its security.
• Asset: A resource of value such as the data in a database or on the file system, or a system resource.
• Countermeasure: A safeguard that addresses a threat and mitigates risk.
• Exploit & Payload: An exploit is a piece of code written to take advantage of a particular vulnerability. A payload is a piece of code to be executed through said exploit.

Types of Hackers
Types of Pentesting
White Box: Sharing the full information with the tester.
e.g. URL, Credentials and Source code given for testing.

Black Box: Testing without having proper information.
e.g. Only URL is provided for testing.

Gray Box: (White Box + Black Box) Having minimal information for pentest.
e.g. URL + Credentials given for testing.
What is a Network Protocol?

• A protocol is a set of rules that governs the communications between computers on a network.
• These rules include guidelines that regulate the characteristics of a network
Simple Network Architecture
What is HTTP ?
• HTTP – Hypertext Transfer Protocol
• Protocol that supports communication between web browsers and web servers
• Also known as request and response protocol
• Most clients/servers today speak version 1.1, but 1.0 is also in use
  • RFC 1945 (HTTP 1.0)
  • RFC 2616 (HTTP 1.1)
HTTP 1.0 Lacks in
• Persistent Connections
• Request Pipelining
• Chunked Encoding

Request - Response

[Figure: client sends a request, server returns a response]

• HTTP has a simple structure:
  • Client sends a request
  • Server returns a reply (response)
• HTTP can support multiple request-reply exchanges over a single TCP connection
• Stateless Protocol
HTTP Headers

Status Lines

HTTP Response Status Line: HTTP Version <space> Status Code <space> Status Phrase

Status Code    Meaning
1xx            Informational
2xx            Success
3xx            Redirection
4xx            Client Error
5xx            Server Error
Request Header

The first line carries the request type (GET), the URL (/) and the HTTP version (HTTP/1.1). The slide also labels the Host and Referer (referrer) headers.

GET / HTTP/1.1
Host: elearn.cdachyd.in
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Referer: www.google.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
If-Modified-Since: Mon, 20 Jan 2014 14:22:40 GMT
Cache-Control: max-age=0
Response Header

The first line carries the HTTP version supported by the server and the response code. The slide also labels the server name (Server) and the content length (Content-Length).

HTTP/1.1 200 OK
Date: Sun, 26 Jan 2014 06:01:37 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
Expires: Mon, 20 Jan 2014 15:22:40 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3739
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Life Cycle of an HTTP Request
1. First, the browser translates the domain name to an IP address using a DNS server.
2. The browser opens a TCP connection and sends an HTTP GET request.
3. The hosting server receives the client request and, based on that, sends the HTTP response over the TCP connection.
4. The browser renders the response.
HTTP Methods
Web clients can use various request types when accessing a web server. These request types are called “request methods”.

- GET
- POST
- HEAD
- TRACE
- OPTIONS
- CONNECT
- PUT
- DELETE
GET, POST, HEAD
• GET – passing parameters via URL
  • Good for bookmarking
  • Easily manipulated by attackers
• POST – HTTP payload
  • Can be changed if the application supports method interchange
• HEAD only returns HTTP headers
  • Results of a request
  • Speeds up testing if interested in only headers
TRACE / OPTIONS
• TRACE echoes the request as seen by the server back
to the client
• Allows attacker to see any changes made by intermediate
servers, such as proxy
• OPTIONS asks the server which HTTP methods are
supported

CONNECT
• CONNECT creates an HTTP tunnel for requests
  • Used to connect through a proxy
  • Also used to establish SSL connections
• Client connects to the proxy and issues a CONNECT method
PUT / DELETE
• PUT uploads data to the location specified by the URL
• DELETE removes the resource specified by the URL
• DoS
• Change configurations .htaccess
• Not open in public interfaces
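
The status line layout and the method slides above can be turned into a small audit check. This is an added example, not part of the original deck: it parses a raw response into version, code, phrase and headers, maps the code to its 1xx-5xx class, and reports which of the methods the slides single out (TRACE, PUT, DELETE) a server advertises in `Allow`. The sample reply is constructed, and the choice of flagged methods is an assumption drawn from the slides.

```python
RISKY = {"TRACE", "PUT", "DELETE"}   # assumption: the methods the slides flag
STATUS_CLASS = {1: "Informational", 2: "Success", 3: "Redirection",
                4: "Client Error", 5: "Server Error"}

# Constructed reply to an OPTIONS request (not captured from a real server).
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Date: Sun, 26 Jan 2014 06:01:37 GMT\r\n"
          b"Server: Apache\r\n"
          b"Allow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
          b"allow: PUT\r\n"
          b"Content-Length: 0\r\n"
          b"\r\n")


def parse_response(raw: bytes) -> dict:
    """Split a raw response into status line fields and a header map."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    # Status line: HTTP-Version SP Status-Code SP Status-Phrase
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {lines[0]!r}")
    if len(parts[1]) != 3 or not parts[1].isdigit():
        raise ValueError(f"bad status code: {parts[1]!r}")
    code = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive and may repeat, so keep a list.
        headers.setdefault(name.lower(), []).append(value.strip())
    return {"version": parts[0], "code": code,
            "phrase": parts[2] if len(parts) == 3 else "",
            "class": STATUS_CLASS.get(code // 100, "Unknown"),
            "headers": headers}


def risky_methods(response: dict) -> list:
    """Return the flagged methods that appear in any Allow header."""
    allowed = set()
    for value in response["headers"].get("allow", []):
        allowed.update(m.strip() for m in value.split(",") if m.strip())
    return sorted(allowed & RISKY)


if __name__ == "__main__":
    reply = parse_response(SAMPLE)
    print(reply["code"], reply["class"], risky_methods(reply))
```

An `Allow` header is only what the server claims; a method missing from it can still be accepted, so treat an empty result as inconclusive.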

Cryptography Basics

Cryptography is the science of secret, or hidden writing.

It has two main components:

• Encryption
  • Practice of hiding messages so that they cannot be read by anyone other than the intended recipient
• Authentication & Integrity
  • Ensuring that users of data/resources are the persons they claim to be and that a message has not been surreptitiously altered
Encryption

[Figure: Plain Text → Encryption Algorithm (Key A) → Cipher Text → Decryption Algorithm (Key B) → Plain Text]
Encryption: Symmetric Algorithms

Algorithms in which the key for encryption and decryption are the same are Symmetric.

• Example: Caesar Cipher

Types:
• Block Ciphers
  • Encrypt data one block at a time (typically 64 bits, or 128 bits)
  • Used for a single message
• Stream Ciphers
  • Encrypt data one bit or one byte at a time
  • Used if data is a constant stream of information
Asymmetric Encryption

[Figure: Plain Text → Cipher (Public Key) → Cipher Text → Cipher (Private Key) → Plain Text]


Different Network Protocols

20 & 21 - FTP (File Transfer Protocol)
22 - SSH (Secure Shell)
23 - Telnet
25 - SMTP
53 - DNS
80 - HTTP
123 - NTP
137-139 - Net-Bios
443 - HTTPS
161 - SNMP
636 - LDAP
3306 - MSSQL
3389 - RDP
TCP Flags:

1. SYN (synchronize): Packets that are used to initiate a connection.
2. ACK (acknowledgment): Packets that are used to confirm that the data packets have been received, also used to confirm the initiation request and tear down requests.
3. RST (reset): Signify the connection is down or maybe the service is not accepting the requests.
4. FIN (finish): Indicate that the connection is being torn down. Both the sender and receiver send the FIN packets to gracefully terminate the connection.
5. PSH (push): Indicate that the incoming data should be passed on directly to the application instead of getting buffered.
6. URG (urgent): Indicate that the data that the packet is carrying should be processed immediately by the TCP stack.
3-way handshake
Network infrastructure
Routers, Revisited
• How to connect multiple LANs?
• LANs may be incompatible
  • Ethernet, Wifi, etc…
• Connected networks form an internetwork
  • The Internet is the best known example
IP Addressing
• IPv4: 32-bit addresses
  • Usually written in dotted notation, e.g. 192.168.21.76
  • Each number is a byte
  • Stored in Big Endian order

Bit position   0        8        16       24     31
Decimal        192      168      21       76
Hex            C0       A8       15       4C
Binary         11000000 10101000 00010101 01001100
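Classes of IP Addresses
• Class A: leading bit 0, followed by the Ntwk and Host fields (bit ruler: 0 1 8 16 24 31). Range: 1-126. Example: MIT, 18.*.*.*
• Class B: leading bits 10, followed by the Network and Host fields (bit ruler: 0 2 8 16 24 31). Range: 128-191. Example: NEU, 129.10.*.*
• Class C: leading bits 110, followed by the Network and Host fields (bit ruler: 0 3 8 16 24 31). Range: 192-223. Example: 216.63.78.*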
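
The two addressing slides above, worked through in code. This is an added example, not part of the original deck: it parses dotted notation strictly into four big-endian bytes, renders the decimal, hex and binary rows of the table, and picks the class from the leading bits. The function names are illustrative, and the network/host split assumes the classful boundaries shown on the slide.

```python
def parse_ipv4(dotted: str) -> bytes:
    """Strictly parse dotted notation into 4 bytes in big-endian order."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    octets = []
    for part in parts:
        # Reject signs, spaces, hex and leading zeros: lenient parsers such as
        # inet_aton() read "010" as octal 8, so a filter and the socket layer
        # could disagree about which host an address names.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in octet {part!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet out of range: {part!r}")
        octets.append(value)
    return bytes(octets)


def classify(first_octet: int) -> tuple:
    """Return (class, number of network octets) from the leading bits."""
    if first_octet in (0, 127):      # leading bit 0, but outside the slide's 1-126
        return ("reserved", 0)
    if first_octet >> 7 == 0b0:
        return ("A", 1)
    if first_octet >> 6 == 0b10:
        return ("B", 2)
    if first_octet >> 5 == 0b110:
        return ("C", 3)
    return ("other", 0)              # 224 and above: not class A, B or C


def describe(dotted: str) -> dict:
    """Build the table rows for one address plus its classful split."""
    raw = parse_ipv4(dotted)
    cls, n = classify(raw[0])
    return {
        "int": int.from_bytes(raw, "big"),
        "hex": " ".join(f"{b:02X}" for b in raw),
        "binary": " ".join(f"{b:08b}" for b in raw),
        "class": cls,
        "network": ".".join(str(b) for b in raw[:n]),
        "host": ".".join(str(b) for b in raw[n:]),
    }


if __name__ == "__main__":
    for addr in ("192.168.21.76", "18.0.0.1", "129.10.1.1"):
        print(addr, describe(addr))
```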
Why Scanning

• Network Security assessment
  • Evaluation and Auditing the security
  • Firewall Penetration Test (Policy auditing)
  • IDS proof/evaluation
  • Identifying unexpected new servers
• Identifying open ports for
  • proactively protect the network (Network and security admin)
  • attacking it (Hackers)
Types of Nmap Scans

• TCP SCAN
• UDP SCAN
• SYN SCAN
• ACK SCAN
• FIN SCAN
• NULL SCAN
• XMAS SCAN
TCP SCAN:
• A TCP scan probes TCP ports such as 22, 21, 23 and 445 and confirms a listening (open) port through a 3-way handshake connection between the source and destination port.
• If the port is open, the source sends a request with a SYN packet, the destination responds with a SYN, ACK packet, and the source then sends an ACK packet; at last the source sends a RST, ACK packet.
UDP Scan
• UDP is a connectionless protocol; a UDP scan works by sending a UDP packet to every destination port. For some common ports such as 53 and 161, a protocol-specific payload is sent to increase the response rate. A service will respond with a UDP packet, proving that it is open. If no response is received after retransmissions, the port is classified as open/filtered. This means that the port could be open, or perhaps packet filters are blocking the communication.
Syn and Stealth Scan
Fin Scan
Xmas Scan
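
The scan types listed above differ mainly in which TCP flags a probe sets, so a sensor can label many probes from the flags byte alone. This is an added example, not part of the original deck: it decodes the six flags described earlier and marks NULL, FIN and XMAS probes per packet, plus a source that sends bare SYNs to many distinct ports. The packet tuples, the 192.0.2.x addresses and the `syn_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# Constructed packets: (source address, destination port, TCP flags byte).
SAMPLE = [
    ("192.0.2.5", 22, 0x00), ("192.0.2.5", 80, 0x00),      # no flags set
    ("192.0.2.6", 21, FIN | PSH | URG),                     # FIN+PSH+URG
    ("192.0.2.7", 23, FIN),                                 # FIN without ACK
    ("192.0.2.8", 443, SYN), ("192.0.2.8", 443, ACK),       # ordinary client
    ("192.0.2.9", 21, SYN), ("192.0.2.9", 22, SYN),
    ("192.0.2.9", 23, SYN), ("192.0.2.9", 25, SYN),         # SYNs to many ports
]


def decode_flags(flags: int) -> list:
    """Names of the flags set in a TCP flags byte, lowest bit first."""
    return [name for bit, name in NAMES.items() if flags & bit]


def probe_label(flags: int):
    """Label flag combinations that no normal connection produces."""
    flags &= 0x3F                      # keep only the six classic flags
    if flags == 0:
        return "NULL"
    if flags == FIN:                   # a normal close carries FIN with ACK
        return "FIN"
    if flags == FIN | PSH | URG:
        return "XMAS"
    return None


def detect(packets, syn_ports: int = 4) -> dict:
    """Map each suspicious source to the set of scan labels seen from it."""
    labels = defaultdict(set)
    syn_targets = defaultdict(set)
    for src, dport, flags in packets:
        label = probe_label(flags)
        if label:
            labels[src].add(label)
        elif flags & 0x3F == SYN:
            # A lone SYN is normal; many distinct ports from one source is not.
            syn_targets[src].add(dport)
    for src, ports in syn_targets.items():
        if len(ports) >= syn_ports:
            labels[src].add("SYN-SWEEP")
    return dict(labels)


if __name__ == "__main__":
    for src, found in sorted(detect(SAMPLE).items()):
        print(src, sorted(found))
```

A full TCP connect scan and an ACK scan are not labelled here: both use flag combinations that also occur in normal traffic and need connection state to tell apart.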
Lab Exercise

Scan a single IP: nmap 192.168.1.1
Scan a host: nmap test.com
Scan a range of IPs: nmap 192.168.1.1-20
Scan a subnet: nmap 192.168.1.0/24
Scan targets from a text file: nmap -iL list-of-ips.txt


What Are Packet Sniffers?

• A packet sniffer is either a software or hardware tool to intercept, log, and analyze network traffic and data.

1. WinDump
2. Wireshark
3. Telerik Fiddler
4. tcpdump
5. Kismet
nmap -sV 192.168.157.190
Default username and password
FTP Exploit
Bruteforce Attack
Vulner Scan
Threat Modeling

• Defining security requirements.
• Creating an application diagram.
• Identifying threats.
• Mitigating threats.
• Validating that threats have been mitigated.
