Intro to InfoSec Communication Protocols
Nir Krakowski (nirkrako at post.tau.ac.il)
Itamar Gilad (infosec15 at modprobe.net)
Today
• Intro to a new subject: communication protocols
• Common terminology
• Most useful protocols
• Tools of the trade
Communication Protocols
• A network is just a bunch of devices communicating.
• There are all sorts of protocols in use today: 3GPP/GSM/SS7, TCP/IP, Ethernet, W/LAN, Bluetooth, ATM, HDMI, USB, etc.
• All protocols have been designed to serve different purposes; a protocol's purpose usually dictates its structure and the services it provides.
• Of course, the most important of all is the Internet Protocol (IP).
Secured Communication
• Securing the transfer of information is a centuries-old problem. In the Middle Ages, pigeons carrying notes were captured in order to intercept communication.
• Our computer systems are valuable because they can communicate. Can you find a computer disconnected from the internet?
• Communications are an essential part of the security trust base.
Communication compromise types
Communication denial types
Communication compromise types
• Eavesdropping: once information leaves a device it can be intercepted.
• Man in the middle: communication is routed through a 3rd party.
• Man on the side: eavesdropped information is used for impersonation.
• Denial of Service (DoS).
• Distributed Denial of Service (DDoS).
• In other words, a hacker's goals, by priority, are:
  o Divert traffic for man in the middle.
  o Eavesdrop on traffic.
  o Disturb traffic.
Popular Communication Defenses
• Firewalls: protect against unwanted packets by limiting traffic in advance to a set of rules describing acceptable traffic only.
• VLAN: separate the network into different Virtual LANs; every virtual LAN is a different trust-base segment. Needs to be carefully designed.
• End-to-end encryption: who cares what happens in between when it is all encrypted and, most importantly, authenticated/signed, e.g. SSH, SSL.
• Intrusion Detection/Prevention Systems (IDS/IPS): passively monitor data and look for signs of "bad" behavior, and can then deny traffic.
Ethernet
• The destination MAC (Media Access Control) address denotes the target device in the local network.
• If the destination MAC address is FF:FF:FF:FF:FF:FF the message is broadcast to all devices in the local network.
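An added example (not from the slides): a minimal Ethernet header dissector of the kind Wireshark applies to every frame. It flags the FF:FF:FF:FF:FF:FF broadcast destination from this slide and goes one step further by reading the 802.1Q tag, so frames from a VLAN trunk (see the VLAN defense earlier) are attributed to their VLAN. The sample frame is constructed, not captured; `parse_ethernet` and its field names are this example's own.

```python
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_VLAN = 0x8100  # IEEE 802.1Q tag
ETHERTYPE_ARP = 0x0806


def mac_to_str(raw):
    """Render 6 raw bytes in the usual colon-separated MAC notation."""
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(frame):
    """Dissect the Ethernet header of one raw frame into a dict.

    Handles the plain 14-byte header and the 18-byte 802.1Q-tagged form,
    so frames captured on a VLAN trunk are attributed to their VLAN.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan_id = 14, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    dst_str = mac_to_str(dst)
    return {
        "dst": dst_str,
        "src": mac_to_str(src),
        "broadcast": dst_str == BROADCAST_MAC,
        "multicast": bool(dst[0] & 0x01),  # group bit; also set for broadcast
        "vlan_id": vlan_id,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


# Constructed sample (not a real capture): a broadcast ARP request on VLAN 10.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")        # destination: broadcast
    + bytes.fromhex("001122334455")      # source MAC, made up
    + struct.pack("!H", ETHERTYPE_VLAN)  # 802.1Q tag follows
    + struct.pack("!H", 0x000A)          # TCI: priority 0, VLAN ID 10
    + struct.pack("!H", ETHERTYPE_ARP)   # inner EtherType: ARP
    + b"\x00" * 28                       # ARP body placeholder
)
```

Feeding `parse_ethernet` the raw bytes of each packet read from a capture gives the same per-frame fields Wireshark shows in its Ethernet and 802.1Q rows.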
IP
Typical IP Routing Scheme
TCP
Typical TCP Connection
• A connects to B using the 3-way handshake:
• A sends a TCP SYN from a random source port to a specific destination port (e.g. port 80 for HTTP).
• B replies with a TCP SYN+ACK from source port 80 to the random destination port.
• A replies with an ACK.
• Data is exchanged.
• A or B initiates a TCP FIN to end the connection.
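The handshake above as an added example (not the authors' code): a small tracker replays TCP segments through the SYN / SYN+ACK / ACK / FIN sequence and reports flows that never complete it. Flows stuck before the final ACK are half-open connections, which is what a defender looks for when the DoS listed earlier takes the form of a flood of unanswered SYNs. `Segment`, `track_handshakes` and the sample addresses are this example's own assumptions; the segments are constructed, not captured.

```python
from collections import namedtuple

# One observed TCP segment: endpoints plus the flag bits the handshake uses.
Segment = namedtuple("Segment", "src sport dst dport syn ack fin")


def flow_key(seg):
    """Canonical key so both directions of a connection map to one flow."""
    a, b = (seg.src, seg.sport), (seg.dst, seg.dport)
    return (a, b) if a < b else (b, a)


def track_handshakes(segments):
    """Replay segments through a tiny TCP state machine.

    Returns {flow_key: state} following the slide's sequence:
    SYN_SENT -> SYN_RECEIVED -> ESTABLISHED -> CLOSING (on FIN).
    """
    states = {}
    for seg in segments:
        key = flow_key(seg)
        state = states.get(key)
        if seg.syn and not seg.ack:
            states[key] = "SYN_SENT"  # step 1: A sends SYN
        elif seg.syn and seg.ack and state == "SYN_SENT":
            states[key] = "SYN_RECEIVED"  # step 2: B answers SYN+ACK
        elif seg.ack and not seg.syn and state == "SYN_RECEIVED":
            states[key] = "ESTABLISHED"  # step 3: A acks; data may flow
        elif seg.fin and state == "ESTABLISHED":
            states[key] = "CLOSING"  # either side sends FIN
    return states


def half_open_flows(states):
    """Flows whose 3-way handshake never completed."""
    return [k for k, s in states.items() if s in ("SYN_SENT", "SYN_RECEIVED")]


# Constructed sample (not a real capture): one normal connection to port 80,
# then three SYNs from a third host that are never followed by an ACK.
A, B, C = "10.0.0.1", "10.0.0.2", "10.0.0.3"
SAMPLE = [
    Segment(A, 40001, B, 80, syn=True, ack=False, fin=False),
    Segment(B, 80, A, 40001, syn=True, ack=True, fin=False),
    Segment(A, 40001, B, 80, syn=False, ack=True, fin=False),
    Segment(A, 40001, B, 80, syn=False, ack=True, fin=True),
] + [Segment(C, p, B, 80, syn=True, ack=False, fin=False) for p in (50001, 50002, 50003)]
```

Running `half_open_flows(track_handshakes(SAMPLE))` lists the three flows from 10.0.0.3 that stalled at SYN_SENT while the normal connection reaches CLOSING.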
Our tools
• Wireshark: a spin-off from Ethereal, which started as a GUI interface for tcpdump.
  o Wireshark sniffs communications and records them in capture files (.cap or .pcap).
  o Has many modules supporting an enormous number of protocol types.
  o Straightforward interface.
• Scapy: another useful Python module.
  o Also available for Perl, don't tell Itamar (http://sylv1.tuxfamily.org/projects/scaperl.html).
  o But we'll use Python anyhow.
Demos
• [Demo: sniffing a cookie with Wireshark.]
• [Demo: using Scapy.]
Wireshark – setup capture filter
Wireshark – capture filter
• Capture filters are very fast and tell Wireshark which data to record.
Recording data
• Alternatively, you can also record .pcap files with tcpdump.
• e.g.: `tcpdump -ni any -s 0 -w out.pcap`
• Reading files is also possible with Scapy:
  o `from scapy.all import *`
  o `all_packets = rdpcap("data01.pcap")`