CTC228 Nov 16 2015. Today... Catching up with group projects URLs and DNS Nmap Review for Test.

Today...

Catching up with group projects

URLs and DNS

Nmap

Review for Test

Chap 8 Group project

Research ESXi and explain how it is different from VMware Workstation.

Nov 2 Group project

Answer the following questions:

1. Explain the difference between SSH and Telnet. What are they used for? Which one is preferable? Why?

2. Imagine you are the administrator of a network for a major movie studio. Your network is designed to be used only for FTP. Lately, the file transfers have been running slowly. You examine the logs and see lots of connections to outside IP addresses on ports 80 and 443. What is happening? Why is the network running slowly?

3. What type of hypervisor is VMware Workstation? What type of hypervisor is VirtualBox? Why?

BONUS QUESTION: SSH uses TCP port 22. Would it be a good idea if SSH used UDP instead? Why or why not?

Group project Nov 4

1. You are in charge of building a network for your company. There are 500 employees that need to share many large files internally but very rarely need to connect to the Internet. What can you do to avoid having to pay for 500 separate Internet connections? How/Why does your solution work?

2. Your company network is slowing down because all the employees are using Facebook and YouTube at work. What device can you install on the network to block this? Describe how you will configure this device.

BONUS QUESTION: If you are on a Linux system and have only READ access to a file that contains executable code you want to run, is there any way you can run the code in the file? If yes, how? If no, why not?

Nov 9 Group projects

1. There is a school policy that says all students must do their own homework and cannot share work. Alice completes her homework and stores it on a class computer in her private directory. Bob uses the class computer and notices he is able to read Alice's files. Bob copies Alice's homework into his own directory. Since Bob was able to copy the file, was there a breach of the policy? Why or why not?

Bonus question: Would ARP spoofing work across the Internet? Could a remote attacker create a MITM situation between your home computer and your home router? Why or why not?

Today...

Catching up with group projects

URLs and DNS

Nmap

Review for Test

Important Distinction

What is the difference between the Internet and the world wide web (a.k.a. “the web”)?

The world wide web (delivered over HTTP) is just one possible service that can be run over the Internet

Chap 8: HTTP Client

Structure of a URL (a.k.a. “web address”)

Protocol://host/path

Example: http://www.cheese.com/feta/

http://www.insecure.org/index.html

By default, a file called “index.html” is usually loaded

But the Internet uses IP addresses, so how is a URL converted to an IP address?

Answer: the Domain Name System

Today...

Catching up with group projects

URLs and DNS

Nmap

Review for Test

Nmap, my favorite network tool

Stands for “Network Mapper”

Scans TCP/UDP ports on computers

Can determine OS, versions, vulnerabilities, etc.

By default, nmap scans the 1000 most common TCP ports

...but you can still get in trouble.

How nmap scans

Basic nmap

Nmap with options

Nmap's GUI is called Zenmap

What can we tell about this guy?

Nmap can do UDP too

UDP not listening on a port

UDP open|filtered on a port

Today...

Catching up with group projects

URLs and DNS

Nmap

Break, then

Review for Test

Virtual machine hypervisors

TCP and UDP port assignments

0 – 1023: Well-known ports

Reserved for specific uses

1024 – 49151: Registered ports

Registered for specific purposes

49152 – 65535: Ephemeral ports

Dynamically allocated

Common TCP and UDP Ports

22 (TCP) – SSH

23 (TCP) – Telnet

53 (UDP) – DNS

80 (TCP) – HTTP

443 (TCP) – HTTPS

Firewalls

Limit inbound/outbound traffic based on rules

Rules usually based on IP addresses and ports

Can be host-based or network-based

Originally just “packet filters”

Later came “stateful” firewalls

Modern ones can be “application” level ...
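
To show what "rules based on IP addresses and ports" looks like in practice, here is a small stateless packet filter in Python. It is an added example, not part of the original slides; the rule set, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    network: str     # remote network in CIDR form
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination port range the rule covers

# Constructed rule set (assumption, not from the slides).
RULES = [
    Rule("allow", "out", "0.0.0.0/0", "udp", range(53, 54)),     # DNS lookups
    Rule("allow", "out", "0.0.0.0/0", "tcp", range(443, 444)),   # HTTPS
    Rule("deny", "out", "0.0.0.0/0", "tcp", range(23, 24)),      # Telnet
    Rule("allow", "in", "192.0.2.0/24", "tcp", range(22, 23)),   # SSH from admin net
]

def decide(direction, remote_ip, proto, port, rules=RULES):
    """First matching rule wins; anything unmatched is denied by default.

    This is a plain packet filter: it looks at one packet at a time.
    A stateful firewall would also track connections so that replies to
    allowed traffic pass without a separate rule.
    """
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and addr in ipaddress.ip_network(rule.network)
                and rule.proto in (proto, "any")
                and port in rule.ports):
            return rule.action
    return "deny"

# Constructed sample traffic: (direction, remote IP, protocol, destination port).
SAMPLE = [
    ("out", "198.51.100.7", "udp", 53),
    ("out", "198.51.100.7", "tcp", 443),
    ("out", "198.51.100.7", "tcp", 80),   # no rule for HTTP, so default deny applies
    ("out", "198.51.100.7", "tcp", 23),
    ("in", "192.0.2.15", "tcp", 22),
    ("in", "203.0.113.9", "tcp", 22),     # SSH from outside the admin network
]

def evaluate(sample=SAMPLE):
    return [decide(*conn) for conn in sample]

if __name__ == "__main__":
    for conn, verdict in zip(SAMPLE, evaluate()):
        print(conn, "->", verdict)
```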

Chapter 10: Security Policies *

A policy is a human-language document that describes who can access what. In order to write it, you need to know:

WHAT you are trying to protect

WHO you are trying to protect it from

Notice we don't mention specifically HOW STUFF WILL BE PROTECTED in the policy

A mechanism is something that enforces a policy

Symmetric Key

Asymmetric Key (a.k.a. public key cryptography)

MITM: A better diagram