Network security (intro)27.06.2013, CyLab @ ESI CEE

Ники Стоицев

CCNA CCAI

Protocols

TCPHTTPHTTPSDNS

Attacks

DoS/DDoSSession hijackingSequence predictionConnection KillingRequest SmugglingMan-in-the-middle attack

Transmission Control Protocol (TCP)

● The core protocol of the Internet protocol suite (IP)

● Reliable● Ordered● With error checking● Connection-oriented

TCP Three-way Handshake

TCP Communication

DoS/DDoS

Denial-of-service attack (DoS attack)

Distributed denial-of-service attack (DDoS attack)

DDOS

DDOS Danger

● Cyberattacks on Estonia

SYN Flooding

Session hijacking

TCP sequence prediction attack

TCP sequence prediction attack

TCP sequence prediction attack

TCP Connection Killing

● With RST● With FIN

HTTP

● Hypertext Transfer Protocol (HTTP)● Request-response protocol in the client-

server computing model

HTTP

HTTP Request Smuggling

Cache Poisoning ExploitingRequest Credential Hijacking

Man-in-the-middle attack

MITM

ARP PoisoningDNS SpoofingDNS Poisoning

Example

HTTPS

HTTP Secure● HTTP on top of SSL/TLS protocol● Provides authentication of the web site● Bidirectional encryption

Public-key cryptography

Public Key CertificateSerial Number: Used to uniquely identify the certificate.

Subject: The person, or entity identified.

Signature Algorithm: The algorithm used to create the signature.

Signature: The actual signature to verify that it came from the issuer.

Issuer: The entity that verified the information and issued the certificate.

Valid-From: The date the certificate is first valid from.

Valid-To: The expiration date.

Key-Usage: Purpose of the public key

Public Key: The public key.

Public Key Certificate Signing

SSL/TLS

● SSL is the predecessor of TLS● Asymmetric cryptography for authentication● Symmetric encryption for confidentiality● Message authentication codes for message

integrity

SSL/TLS

RC4

● RC4 is used in SSL● Simple● Remarkable speed

RC4 attack

Discovered statistical biases in RC4 key table

50% of all TLS traffic is currently protected using the RC4 algorithm

RC4 attack

"The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm which become apparent in TLS ciphertexts when the same plaintext is repeatedly encrypted at a fixed location across many TLS sessions"

DNS

Domain name system

DNS Attacks

DNS SpoofingDNS Cache Poisoning

DNS Rebinding

Circumvents same origin policy

Questions?Thank you!