
Introduction to Network Security, Chapter 11: Remote Access Security - PDF document


  1. Introduction to Network Security, Chapter 11: Remote Access Security
     Dr. Doug Jacobson - Introduction to Network Security - 2009

     Topics
     • Remote Access
       – Telnet
       – Rlogin
       – X-Windows
       – FTP
       – General Countermeasures
     • Peer-to-Peer Protocols
     • Anonymous services & Privacy
     • General countermeasures

  2. Telnet
     TELNET: a Virtual Terminal Protocol that provides interactive access to remote computers.
     The protocol defines:
     • Format of data
     • How control signals are passed and how to distinguish them from data
     • Data transfer mode (half/full duplex, sync/async)
     • How out-of-band signals are passed
     • How data delivery is controlled
     [Figure: terminal and terminal driver on the local OS, application on the remote OS]

     Telnet NVT – Network Virtual Terminal
     [Figure: terminal → telnet client (local char set) → TCP/IP → telnet server on port 23 (NVT char set) → pseudo terminal device (local char set) → application]
     Local charsets of different OS's may not be compatible. When sending over the network, the local charset is translated to the common NVT charset by the telnet client. The telnet server then translates the NVT charset to the local charset.

  3. Telnet
     [Figure]

     Telnet
     The virtual terminal consists of a display and a printer.
     • Display (the keyboard/input side in RFC 854 terms)
       – Characters are 7-bit ASCII
       – Operates in scroll mode with unlimited line length, unlimited lines per page
       – Must be able to generate the control signals: Are You There, Interrupt Process, Abort Output, Erase Character, Erase Line, Break
     • Printer
       – Has unspecified line width and page length
       – Can print the 95 ASCII graphic characters
       – Can respond to the control codes: NUL, Line Feed, Carriage Return

  4. Telnet
     [Figure]

     Telnet Commands
     Definition                                  Abbr   Code
     End of subnegotiation                       SE     240
     No Operation                                NOP    241
     Data Mark: a stream sync character          DM     242
     Break                                       BRK    243
     Interrupt Process                           IP     244
     Abort Output                                AO     245
     Are You There                               AYT    246
     Erase Character                             EC     247
     Erase Line                                  EL     248
     Go Ahead: turn line around for half duplex  GA     249
     Begin subnegotiation                        SB     250
     WILL                                        WILL   251
     WONT                                        WONT   252
     DO                                          DO     253
     DON'T                                       DONT   254
     Interpret as Command                        IAC    255

  5. Telnet Commands
     How to mix user data and commands:
     • User data: leading bit 0, then 7-bit ASCII
     • Command: leading bit 1, then 7 bits. Commands are introduced by IAC (255); a literal 255 data byte is sent as IAC IAC.
     There is a special option (Binary Transmission) to transfer 8-bit data.

     Telnet Options
     • Options can be negotiated by telnet processes
     • New options can be accommodated since they are not part of the standard
     • Three categories:
       1. Enhance, change, and refine NVT characteristics (e.g. line width)
       2. Change transfer protocol (e.g. suppress GO AHEAD)
       3. Information to be passed to the host (e.g. status, terminal type)

  6. Telnet Options
     This is just a subset of the options defined in many different RFCs:
     ID   Name                      RFC   Category
     0    Binary transmission       856   2
     1    Echo                      857   1
     5    Status                    859   3
     8    Output line width         -     1
     9    Output page size          -     1
     10   Output <CR> disposition   652   1
     24   Terminal type             930   3
     25   End of record             885   3

     Telnet Negotiation
     Option negotiation rules:
     • May reject a request to enable an option
     • Must accept a request to disable an option
     • Options are not enabled until negotiation is complete
     • Never request an option that is already in the requested state (answering an acknowledgement would otherwise start an endless loop)

  7. Telnet Negotiation
     Option negotiation commands:
     • WILL   Sender wants to enable the option
     • WONT   Sender does not want to enable the option
     • DO     Sender would like the other side to enable the option
     • DON'T  Sender would not like the other side to enable the option
     The byte after the command is the option ID (ECHO is option 1, defined in RFC 857).
     Example 1: Side A wants to enable ECHO, side B agrees
       A → B: IAC WILL ECHO
       B → A: IAC DO ECHO

     Telnet Negotiation
     • Example 2: A would like B to enable ECHO, B agrees
       A → B: IAC DO ECHO
       B → A: IAC WILL ECHO
     • Example 3: A would like B to enable ECHO, but B does not agree
       A → B: IAC DO ECHO
       B → A: IAC WONT ECHO

  8. Telnet Negotiation
     • Example 4: A would like to disable echo, B MUST agree
       A → B: IAC WONT ECHO
       B → A: IAC DONT ECHO
     • Example 5: A would like B to disable echo, B must agree
       A → B: IAC DONT ECHO
       B → A: IAC WONT ECHO

     Telnet Negotiation Suboptions
     SB 250   suboption begin
     SE 240   suboption end
     Example: A wants to set the terminal type (option 24) to vt100
       A → B: IAC WILL 24
       B → A: IAC DO 24
       A → B: IAC SB 24 vt100 IAC SE
     (In RFC 1091 the name is preceded by the IS subcommand byte 0 and is sent in reply to B's IAC SB 24 SEND IAC SE; the slide shows the abbreviated form.)

  9. Telnet login trace
     Direction   Data               Comments
     S → C       0xff 0xfd 0x01     IAC DO ECHO (request client echoes)
     S → C       0xff 0xfd 0x22     IAC DO LINEMODE (request client sends a line at a time)
     S → C       0xff 0xfb 0x05     IAC WILL STATUS (server wishes to send status info)
     C → S       0xff 0xfb 0x01     IAC WILL ECHO (client will echo characters)
     C → S       0xff 0xfc 0x22     IAC WONT LINEMODE (client will not do linemode)
     C → S       0xff 0xfe 0x05     IAC DONT STATUS (client does not want server to send status information)
     S → C       0xff 0xfe 0x01     IAC DONT ECHO (tell client not to echo)
     S → C       0xff 0xfb 0x01     IAC WILL ECHO (tell client server will echo)
     C → S       0xff 0xfc 0x01     IAC WONT ECHO (tell server client will not echo)
     C → S       0xff 0xfd 0x01     IAC DO ECHO (tell server it is OK to echo)
     S → C       \r\n Login:        Send authentication application prompt
     C → S       j                  First char of user name
     S → C       j                  Echo of the character; repeat until enter key is pressed
     C → S       \r\n               Send carriage return + linefeed
     S → C       \r\n               Echo carriage return + linefeed
     S → C       Password:          Send authentication application prompt
     C → S       p                  First char of password (server will not echo); repeat until enter key is pressed
     C → S       \r\n               Send carriage return + linefeed
     S → C       \r\n               Echo carriage return + linefeed
     S → C       ...                User is now connected and server application will send message.
     Every byte in this exchange, the user name and password included, crosses the network in clear text.

     Rlogin
     • Remote login (rlogin)
     • Similar to telnet, but much simpler
     • Designed for Unix to Unix communication
     • Possible for hosts to login without a password (the server trusts the client host and client-side user name when they are listed in /etc/hosts.equiv or in the target account's ~/.rhosts)
     • Uses port 513
     • Sequence:
       – Client sends: \0 local login name \0 server login name \0 terminal type/speed \0
       – Server sends: \0
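The command table, negotiation rules and login trace above are easiest to check against working code. The decoder and option state machine below are an added example written for this page, not code from the slides or from any telnet implementation; the byte strings are a constructed re-typing of the client half of the trace (user name "jdoe" and password "s3cret" are invented), not a real capture. It shows the IAC escaping rules, the may-refuse / must-accept-disable / never-re-negotiate rules, and what a passive sniffer recovers from the data bytes.

```python
"""Telnet (RFC 854) stream decoder plus the option-negotiation rules from the slides.

Added example, not from the original slides. The byte strings are a constructed
re-typing of the client->server half of the login trace, not a real capture.
"""

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMD_NAMES = {240: "SE", 241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO", 246: "AYT",
             247: "EC", 248: "EL", 249: "GA", 250: "SB", 251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPT_NAMES = {0: "BINARY", 1: "ECHO", 5: "STATUS", 24: "TERMINAL-TYPE", 34: "LINEMODE"}


def decode(stream: bytes):
    """Split a raw telnet byte stream into ("data", bytes) and ("cmd", str) events.

    IAC IAC is an escaped literal 0xFF data byte; IAC WILL/WONT/DO/DONT <opt> is a 3-byte
    negotiation; IAC SB <opt> ... IAC SE brackets a subnegotiation (IAC IAC escapes inside);
    any other IAC <code> is a 2-byte command.
    """
    events, data, i = [], bytearray(), 0

    def flush():
        if data:
            events.append(("data", bytes(data)))
            data.clear()

    while i < len(stream):
        if stream[i] != IAC:
            data.append(stream[i]); i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("truncated IAC")
        cmd = stream[i + 1]
        if cmd == IAC:                                  # escaped 0xFF in the data stream
            data.append(IAC); i += 2
            continue
        flush()
        if cmd in (WILL, WONT, DO, DONT, SB):
            if i + 2 >= len(stream):
                raise ValueError("truncated option command")
            opt = stream[i + 2]
        if cmd in (WILL, WONT, DO, DONT):
            events.append(("cmd", f"{CMD_NAMES[cmd]} {OPT_NAMES.get(opt, opt)}"))
            i += 3
        elif cmd == SB:
            payload, j = bytearray(), i + 3
            while not (j + 1 < len(stream) and stream[j] == IAC and stream[j + 1] == SE):
                if j + 1 >= len(stream):
                    raise ValueError("unterminated subnegotiation")
                if stream[j] == IAC and stream[j + 1] == IAC:
                    payload.append(IAC); j += 2
                else:
                    payload.append(stream[j]); j += 1
            events.append(("cmd", f"SB {OPT_NAMES.get(opt, opt)} {bytes(payload)!r}"))
            i = j + 2
        else:
            events.append(("cmd", CMD_NAMES.get(cmd, str(cmd))))
            i += 2
    flush()
    return events


class OptionState:
    """One side's option table, answering requests per the slides' rules: may refuse a request
    to enable, must accept a request to disable, never re-negotiate the current state."""

    def __init__(self, allowed_local=(), allowed_remote=()):
        self.allowed_local, self.allowed_remote = set(allowed_local), set(allowed_remote)
        self.local, self.remote = set(), set()      # options currently enabled on each side

    def receive(self, cmd: int, opt: int) -> bytes:
        """Return the reply to an incoming IAC <cmd> <opt>, or b"" when no reply is due."""
        if cmd == DO:                                # peer asks us to enable opt on our side
            if opt in self.local:
                return b""                           # already on: do not re-negotiate
            if opt in self.allowed_local:
                self.local.add(opt)
                return bytes([IAC, WILL, opt])
            return bytes([IAC, WONT, opt])           # enabling may be refused
        if cmd == DONT:                              # disabling must be accepted
            if opt not in self.local:
                return b""
            self.local.discard(opt)
            return bytes([IAC, WONT, opt])
        if cmd == WILL:                              # peer offers to enable opt on its side
            if opt in self.remote:
                return b""
            if opt in self.allowed_remote:
                self.remote.add(opt)
                return bytes([IAC, DO, opt])
            return bytes([IAC, DONT, opt])
        if cmd == WONT:
            if opt not in self.remote:
                return b""
            self.remote.discard(opt)
            return bytes([IAC, DONT, opt])
        raise ValueError(f"{cmd} is not a negotiation command")


def plaintext_lines(stream: bytes):
    """Join the data events and split on CR LF: exactly what a passive sniffer reads."""
    data = b"".join(p for kind, p in decode(stream) if kind == "data")
    return [line.decode("ascii", "replace") for line in data.split(b"\r\n") if line]


# Constructed client->server half of the trace: the five negotiation replies, then the typed
# user name "jdoe" and password "s3cret" (invented values for this example).
CLIENT_TO_SERVER = (bytes([IAC, WILL, 1, IAC, WONT, 34, IAC, DONT, 5, IAC, WONT, 1, IAC, DO, 1])
                    + b"jdoe\r\ns3cret\r\n")
```

Run `decode(CLIENT_TO_SERVER)` to see the five commands from the trace followed by one data event, and `plaintext_lines(CLIENT_TO_SERVER)` to see the credentials as they appear on the wire. Feeding the server's `OptionState` the client's `WILL ECHO` with an empty `allowed_remote` produces the `DONT ECHO` reply the trace shows; a repeated `DO ECHO` after it has been accepted produces no reply, which is the rule that keeps two implementations from acknowledging each other forever.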

 10. Rlogin
     [Figure]

     rlogin server trust
     [Figure]

 11. rlogin trust
     Client host   Client side user   Server side user   Result
     A             John               John               Trusted
     A             John               Mary               Not Trusted
     A             John               Alice              Trusted
     A             Mary               John               Not Trusted
     A             Mary               Mary               Not Trusted
     A             Mary               Alice              Not Trusted
     A             Joe                John               Not Trusted
     A             Joe                Mary               Not Trusted
     A             Joe                Alice              Not Trusted
     A             Alice              John               Not Trusted
     A             Alice              Mary               Not Trusted
     A             Alice              Alice              Trusted
     B             Any User           Any User           Trusted

     rlogin trust (continued)
     Client host   Client side user   Server side user   Result
     C             John               John               Not Trusted
     C             John               Mary               Not Trusted
     C             John               Alice              Not Trusted
     C             Mary               John               Not Trusted
     C             Mary               Mary               Not Trusted
     C             Mary               Alice              Not Trusted
     C             Joe                John               Not Trusted
     C             Joe                Mary               Not Trusted
     C             Joe                Alice              Not Trusted
     C             Alice              John               Not Trusted
     C             Alice              Mary               Not Trusted
     C             Alice              Alice              Not Trusted

 12. Rlogin commands
     • Commands are distinguished by 0xFF
       – Remote flow control 0x10
       – Local flow control 0x20
       – Window size 0x80 (asks client for current window size)
     • Escape character: ~ ^d
     • Everything is sent in clear text

     rlogin
     [Figure]

 13. rlogin trace
     Direction   Data                Comments
     C → S       john 0x00           Client side username
     C → S       john 0x00           Server side username
     C → S       xterm/38400 0x00    Terminal type and speed
     If authentication is required (user is untrusted):
     S → C       Password:           Prompt for password
     C → S       p                   First char of password (server will not echo); repeat until enter key is pressed
     C → S       \r                  Send carriage return
     S → C       \r\n                Echo carriage return + linefeed
     If authentication worked or user was trusted:
     S → C       (data from server)  User is now connected and server will display the UNIX shell prompt.

     X windows
     • The user sits on the server side of X windows
       – Usually telnet into the client host and start the X window client
       – X windows then starts and the client authenticates to the X windows server
       – X windows sends information in clear text
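The rlogin connect message from the trace and the trust tables two slides earlier can be tied together in code. The example below was written for this page and is not from the slides or from any rlogin implementation. `build_connect`/`parse_connect` implement the RFC 1282 connect message shown in the trace; `is_trusted` applies BSD hosts.equiv/.rhosts semantics to a constructed configuration (`HOSTS_EQUIV`, `RHOSTS`) chosen as an assumption so that it reproduces the slides' trust table, since the real configuration behind that table is in a figure the page does not show.

```python
"""rlogin (RFC 1282) connection setup and the rhosts-style trust decision behind
"login without a password".

Added example, not from the original slides. The hosts.equiv / .rhosts contents are an
assumption chosen to reproduce the slides' trust table; the real configuration is not on the page.
"""


def build_connect(client_user: str, server_user: str, term: str, speed: int) -> bytes:
    """Client's first message on TCP 513: \\0 client-user \\0 server-user \\0 term/speed \\0."""
    fields = (client_user, server_user, f"{term}/{speed}")
    if any("\0" in f for f in fields):
        raise ValueError("NUL is the field separator and may not appear in a field")
    return b"\0" + b"\0".join(f.encode("ascii") for f in fields) + b"\0"


def parse_connect(msg: bytes) -> dict:
    """Inverse of build_connect. Every field is clear text, so a sniffer sees all of them."""
    if len(msg) < 2 or msg[0] != 0 or msg[-1] != 0:
        raise ValueError("malformed rlogin connect message")
    fields = msg[1:-1].split(b"\0")
    if len(fields) != 3:
        raise ValueError("expected client-user, server-user and terminal/speed")
    client_user, server_user, termspeed = (f.decode("ascii") for f in fields)
    term, _, speed = termspeed.partition("/")
    return {"client_user": client_user, "server_user": server_user,
            "term": term, "speed": int(speed) if speed.isdigit() else None}


# Assumed trust files (constructed for this example). A hosts.equiv line "host" trusts
# same-named users from host, "host user" trusts that user into any non-root account,
# "+" is a wildcard. A ~/.rhosts entry (host, user) lets user@host into that one account.
HOSTS_EQUIV = ["B +"]
RHOSTS = {"John": [("A", "John")], "Alice": [("A", "John"), ("A", "Alice")], "Mary": []}


def is_trusted(client_host, client_user, server_user, hosts_equiv=HOSTS_EQUIV, rhosts=RHOSTS):
    """rlogind's password-skip decision, BSD style. Both inputs are supplied by the remote
    side: the host name comes from the source address and the user name from the connect
    message, so spoofing host A (or being root on it) lets anyone claim to be John and reach
    Alice's account without a password."""
    if server_user != "root":                       # hosts.equiv never vouches for root
        for line in hosts_equiv:
            host, _, user = line.partition(" ")
            if host in (client_host, "+") and (
                    user == "+" or user == client_user or (not user and client_user == server_user)):
                return True
    for host, user in rhosts.get(server_user, []):
        if host in (client_host, "+") and user in (client_user, "+"):
            return True
    return False


def trust_table(hosts, client_users, server_users):
    """Reproduce the slides' table: one (host, client user, server user, result) row each."""
    return [(h, cu, su, "Trusted" if is_trusted(h, cu, su) else "Not Trusted")
            for h in hosts for cu in client_users for su in server_users]
```

`trust_table(["A", "C"], ["John", "Mary", "Joe", "Alice"], ["John", "Mary", "Alice"])` yields exactly the rows on the two trust slides under the assumed files, and `parse_connect(build_connect("john", "john", "xterm", 38400))` shows that the connect message carries both user names in the clear. The point to take from the trust check is that nothing in it is a secret: it keys on a host identity and a user name the client asserts, which is why the slides' "login without a password" is a risk rather than a convenience.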
