Engineered by Hackers. Presented by Professionals.
General Security Concepts
Module 00
Học viện Công Nghệ Thông Tin Bách Khoa (Bach Khoa Information Technology Academy)
General Security Concepts
Advanced TCP/IP
Cryptography Basics and Methods
Confidentiality
Integrity
Authentication Methods
Non-Repudiation
Access Control Models
Security Topologies
Risk Concepts
Vietnam Information Security Policies
Advanced TCP/IP
The OSI Model
In the OSI model:
• Each layer has a defined networking function
• Each layer communicates only with the layer directly above and below it
• Layer seven (Application) provides services for programs to gain access to the network
• Layers one and two (Physical, Data-Link) define the network’s physical media and related tasks
The TCP/IP Model
A web request moving along the TCP/IP model
TCP/IP Protocol Suite
(Figure: the four TCP/IP layers mapped onto the seven OSI layers, with the protocols drawn at each layer)
TCP/IP layer    OSI layer(s)                          Protocols shown
Application     Application, Presentation, Session    HTTP, FTP, SMTP, DNS, RIP, SNMP
Transport       Transport                             TCP, UDP
Internet        Network                               IP, ICMP, IGMP, ARP
Link            Data-Link, Physical                   Ethernet, Frame Relay, Token Ring, ATM
(The figure draws ARP at the Internet layer; many references place it at the Link layer, since ARP messages are carried directly in Ethernet frames rather than inside IP packets.)
The function of IP
• Identifies every host with a unique IP address
• Identifies every packet with source and destination IP addresses
• Manages routing between networks
IP Address Classes
Five classes defined (by the leading bits of the first octet):
A: Decimal 1-126 (0 and 127 reserved), first bit is 0
B: Decimal 128-191, first two bits are 10
C: Decimal 192-223, first three bits are 110
Classes A, B & C are used for addressing individual hosts
D: Decimal 224-239, first four bits are 1110
Reserved for multicasting
E: Decimal 240-255, first four bits are 1111
Class E is reserved/experimental. For additional info on Class E and its future implementation see RFC 1365
Note: classful addressing has been superseded by CIDR (prefix-length notation such as /8, /16, /24), but the class boundaries still explain the default masks used below.
Private IP Address Ranges (RFC 1918)
Class A: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
Class B: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
Class C: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
The 169.254.0.0/16 network is the IPv4 link-local range (RFC 3927); Windows uses it for APIPA (Automatic Private IP Addressing) when no DHCP server answers.
The above addresses are not routable over the Internet. Edge routers and firewalls should drop packets that carry them as source or destination (bogon filtering), since spoofed private source addresses are a common marker of attack traffic.
Also, the 127.0.0.0/8 network ID is reserved for loopback and diagnostics.
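The classification rules from the two slides above, as an added example (not code from the course or from any product it mentions). It reads the leading bits of the first octet exactly as the class table does, checks the non-routable ranges named on the slide, and ends with the edge-filter decision a firewall would make; the sample addresses in the `__main__` block are constructed.

```python
"""Classful address identification and non-routable range checks.

Added example (not from the course slides); standard library only.
"""
import ipaddress

# Leading-bit patterns of the first octet, as on the slide (RFC 791 / RFC 1112):
# (number of leading bits examined, their value, class letter, default mask or None)
_CLASS_PATTERNS = [
    (1, 0b0,    "A", "255.0.0.0"),
    (2, 0b10,   "B", "255.255.0.0"),
    (3, 0b110,  "C", "255.255.255.0"),
    (4, 0b1110, "D", None),   # multicast: no host addressing, no default mask
    (4, 0b1111, "E", None),   # reserved / experimental
]

# RFC 1918 private blocks, written as CIDR prefixes.
_RFC1918 = [ipaddress.IPv4Network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ip_class(addr: str) -> str:
    """Return the classful letter by testing the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for nbits, pattern, letter, _ in _CLASS_PATTERNS:
        if first_octet >> (8 - nbits) == pattern:
            return letter
    raise AssertionError("patterns cover every first octet")  # unreachable


def default_mask(addr: str):
    """Default (classful) subnet mask for a class A/B/C address, None for D/E."""
    letter = ip_class(addr)
    return next(mask for _, _, l, mask in _CLASS_PATTERNS if l == letter)


def special_range(addr: str) -> str:
    """Name the reserved range an address belongs to, or 'public' if none applies."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_loopback:
        return "loopback (127.0.0.0/8)"
    if ip.is_link_local:
        return "link-local / APIPA (169.254.0.0/16)"
    for net in _RFC1918:
        if ip in net:
            return f"private RFC 1918 ({net})"
    if ip.is_multicast:
        return "multicast (class D, 224.0.0.0/4)"
    if ip.is_reserved:
        return "reserved (class E, 240.0.0.0/4)"
    return "public"


def drop_at_internet_edge(src: str, dst: str) -> bool:
    """Bogon filter: a packet crossing the Internet edge with a non-routable
    source or destination must not be forwarded; spoofed private sources are
    a common marker of DoS traffic."""
    return special_range(src) != "public" or special_range(dst) != "public"


if __name__ == "__main__":
    # Constructed sample addresses, one per interesting case.
    for a in ("10.1.2.3", "172.20.0.1", "192.168.1.1", "169.254.10.5",
              "224.0.0.9", "240.0.0.1", "8.8.8.8"):
        print(f"{a:15} class {ip_class(a)}  mask {default_mask(a)}  {special_range(a)}")
```

`special_range` deliberately checks only the ranges the slide names; `ipaddress`'s own `is_private` also covers documentation and benchmark ranges, which would blur the point being taught.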
The Subnet Mask
A 32-bit number, the same length as the IP address, whose 1 bits cover the network portion; ANDing it with the address masks off the host bits to reveal only the network ID
The ‘AND’ing process: network ID = IP address AND subnet mask (a 1 bit in the mask keeps the address bit, a 0 bit clears it)
Default masks:
• Class A: 11111111.00000000.00000000.00000000 – 255.0.0.0 (/8)
• Class B: 11111111.11111111.00000000.00000000 – 255.255.0.0 (/16)
• Class C: 11111111.11111111.11111111.00000000 – 255.255.255.0 (/24)
Subnetting
A 10.0.0.0 network has a default subnet mask of 255.0.0.0, i.e.,
00001010.yyyyyyyy.yyyyyyyy.yyyyyyyy = IP address (y = host bits)
11111111.00000000.00000000.00000000 = Subnet mask
To divide this network into 12 networks, you need to ‘borrow’ 4 bits from the host portion of the mask to the network portion, because 3 borrowed bits give only 2^3 = 8 subnets while 4 give 2^4 = 16, i.e.,
11111111.11110000.00000000.00000000 = Subnet mask
Which is = 255.240.0.0 (/12)
Subnetting
Now that the mask is 255.240.0.0, you have 16 networks (each a /12 with 2^20 - 2 usable host addresses):
• 00001010.0000 0000.00000000.00000000 = 10.0.0.0 (first possible network)
• 00001010.0001 0000.00000000.00000000 = 10.16.0.0 (second network)
• 00001010.0010 0000.00000000.00000000 = 10.32.0.0 (third network)
• 00001010.0011 0000.00000000.00000000 = 10.48.0.0 (fourth network)
• 00001010.0100 0000.00000000.00000000 = 10.64.0.0 (fifth network)
• 00001010.0101 0000.00000000.00000000 = 10.80.0.0 (sixth network)
• 00001010.0110 0000.00000000.00000000 = 10.96.0.0 (seventh network)
• 00001010.0111 0000.00000000.00000000 = 10.112.0.0 (eighth network)
• 00001010.1000 0000.00000000.00000000 = 10.128.0.0 (ninth network)
• 00001010.1001 0000.00000000.00000000 = 10.144.0.0 (tenth network)
• 00001010.1010 0000.00000000.00000000 = 10.160.0.0 (eleventh network)
• 00001010.1011 0000.00000000.00000000 = 10.176.0.0 (twelfth network)
• 00001010.1100 0000.00000000.00000000 = 10.192.0.0 (thirteenth network)
• 00001010.1101 0000.00000000.00000000 = 10.208.0.0 (fourteenth network)
• 00001010.1110 0000.00000000.00000000 = 10.224.0.0 (fifteenth network)
• 00001010.1111 0000.00000000.00000000 = 10.240.0.0 (sixteenth network)
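The ANDing process and the bit-borrowing calculation from the subnet-mask and subnetting slides, generalised to any base network and any number of wanted subnets, as an added example (not course code). It reproduces the 10.0.0.0 into 16 /12 networks case and also refuses a plan that would leave no usable host addresses; the inputs are constructed.

```python
"""ANDing a mask and borrowing host bits, generalised from the 10.0.0.0/12 slide example.

Added example (not course code); standard library only.
"""
import ipaddress
import math


def to_binary(addr: str) -> str:
    """Render a dotted quad as dotted 8-bit binary groups, as the slides write them."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))


def network_id(addr: str, mask: str) -> str:
    """The ANDing process: clear every host bit to reveal the network ID."""
    result = int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(result))


def bits_to_borrow(wanted_subnets: int) -> int:
    """Smallest n such that 2^n subnets cover the wanted count (12 -> 4, 16 -> 4, 17 -> 5)."""
    if wanted_subnets < 1:
        raise ValueError("need at least one subnet")
    return math.ceil(math.log2(wanted_subnets))


def subnet_plan(base_network: str, wanted_subnets: int) -> dict:
    """Borrow host bits from `base_network` (CIDR) and list every resulting subnet."""
    base = ipaddress.IPv4Network(base_network)
    borrowed = bits_to_borrow(wanted_subnets)
    # A /31 or /32 leaves no room for the network and broadcast addresses.
    if base.prefixlen + borrowed > 30:
        raise ValueError("not enough host bits left for usable hosts")
    subnets = [base] if borrowed == 0 else list(base.subnets(prefixlen_diff=borrowed))
    return {
        "borrowed_bits": borrowed,
        "new_mask": str(subnets[0].netmask),
        "subnet_count": len(subnets),
        "usable_hosts_each": subnets[0].num_addresses - 2,   # minus network and broadcast
        "subnets": [str(n.network_address) for n in subnets],
    }


if __name__ == "__main__":
    plan = subnet_plan("10.0.0.0/8", 12)          # the slide's example
    print("mask", plan["new_mask"], "=", to_binary(plan["new_mask"]))
    for i, net in enumerate(plan["subnets"], 1):
        print(f"{i:2} {net}")
    print("host 10.37.200.1 is in", network_id("10.37.200.1", plan["new_mask"]))
```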
Routing
Communications from one network to another
Packets for a destination outside the local network are sent to a default ‘Gateway’ (router)
The router ‘routes’ the packet out the appropriate interface by comparing the destination IP address against its routing table; when several entries match, the most specific (longest) prefix wins, and the default route (0.0.0.0/0) catches everything else
The destination network may or may not be attached to that interface. If the destination is not attached to that interface, the packet is sent to the next router (the next hop). Each router decrements the packet’s TTL, so a routing loop eventually discards the packet instead of circulating it forever.
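The forwarding decision described above, as an added example (not course code): a longest-prefix-match lookup, a hop-by-hop walk that follows next hops until a directly attached network is reached, and the TTL guard that turns a routing loop into a drop. The router names, interface addresses and routes are a constructed two-router topology.

```python
"""Longest-prefix-match forwarding across a small constructed topology.

Added example (not course code); standard library only.  Router names,
addresses and routes below are made up to illustrate the slide.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]      # None: destination network is directly attached
    interface: str


class Router:
    def __init__(self, name, interface_addrs, routes):
        self.name = name
        self.addrs = set(interface_addrs)
        # Longest prefix first, so the first matching entry is the most specific one.
        self.routes = sorted(
            (Route(ipaddress.IPv4Network(net), nh, ifc) for net, nh, ifc in routes),
            key=lambda r: r.network.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match; the 0.0.0.0/0 default route matches last, if present."""
        ip = ipaddress.IPv4Address(dst)
        for route in self.routes:
            if ip in route.network:
                return route
        return None


def forward(routers, start, dst, ttl=64):
    """Carry a packet from router `start` towards `dst`; returns (path, outcome).
    The TTL is decremented per hop so a routing loop ends in a drop, not an endless walk."""
    by_addr = {a: r for r in routers.values() for a in r.addrs}
    cur = routers[start]
    path = [cur.name]
    while True:
        route = cur.lookup(dst)
        if route is None:
            return path, f"{cur.name}: no route, ICMP destination unreachable"
        if route.next_hop is None:
            return path, f"delivered on {cur.name} {route.interface}"
        ttl -= 1
        if ttl <= 0:
            return path, f"{cur.name}: TTL exceeded, packet dropped (routing loop?)"
        cur = by_addr[route.next_hop]
        path.append(cur.name)


# Constructed topology: hosts on 192.168.1.0/24 use R1 as default gateway; R1 reaches
# 172.16.0.0/16 through R2.  Both routers point their default route at each other, a
# misconfiguration that loops any packet for an address neither of them knows.
ROUTERS = {
    "R1": Router("R1", {"192.168.1.1", "10.0.0.1"}, [
        ("192.168.1.0/24", None, "eth0"),
        ("10.0.0.0/30", None, "eth1"),
        ("172.16.0.0/16", "10.0.0.2", "eth1"),
        ("0.0.0.0/0", "10.0.0.2", "eth1"),
    ]),
    "R2": Router("R2", {"10.0.0.2", "172.16.0.1"}, [
        ("10.0.0.0/30", None, "eth0"),
        ("172.16.0.0/16", None, "eth1"),
        ("0.0.0.0/0", "10.0.0.1", "eth0"),
    ]),
}

if __name__ == "__main__":
    for dst in ("192.168.1.50", "172.16.5.5", "8.8.8.8"):
        print(dst, forward(ROUTERS, "R1", dst, ttl=5))
```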
Analyze the 3-Way handshake
Transport Layer Concepts
TCP                      UDP
Connection-oriented      Connectionless
Slower communications    Faster communications
Considered reliable      Considered unreliable (no acknowledgments or retransmission)
Transport layer          Transport layer
TCP Control Flags
SYN (S): Synchronize sequence numbers. Set in the first segment of a connection, and again in the server’s SYN-ACK reply.
ACK (A): Acknowledges receipt of data from the peer. Set in every segment after the initial SYN; in the handshake it first appears in the SYN-ACK sent in response to the client’s SYN.
FIN (F): The sender has no more data and wants to terminate the connection gracefully.
RST (R): The sender aborts (resets) the connection, for example when a segment arrives for a port with no listener.
URG (U): The urgent pointer field is valid and the flagged data should take precedence over other data in the stream.
PSH (P): The sending host wants the data delivered to the receiving application immediately rather than held in a buffer.
Flags arrive from the network and are untrusted input: unusual combinations (SYN+FIN, no flags at all) are used by port scanners to fingerprint hosts and slip past naive filters.
Sequence and Acknowledgment Numbers
When initiating a new connection, an Initial Sequence Number (ISN) is generated
The ISN is a 32-bit number. The original RFC 793 design took it from a clock that increments by one every 4 microseconds; modern stacks randomize it per connection (RFC 6528), because a predictable ISN lets an attacker inject into or spoof a connection without seeing the traffic.
Acknowledgment numbers are also 32-bit numbers sent in response to a sequence number: an ACK of N means every byte before N has been received. The SYN consumes one sequence number, so in the handshake each side acknowledges the peer’s ISN + 1 (modulo 2^32).
Reliable delivery by TCP: a segment that is not acknowledged in time is retransmitted.
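The control flags, sequence/acknowledgment arithmetic and port categories from the last three slides, as one added example (not course code). It builds raw 20-byte TCP headers, parses them back the way a sniffer would, generates the three handshake segments with randomized ISNs, and validates a captured handshake, including the case where the ISN wraps past 2^32. Port numbers and fixed ISNs in the usage block are constructed.

```python
"""Build and parse raw TCP headers, then check a three-way handshake.

Added example (not course code); standard library only.  Port numbers and
ISNs in the sample exchange are made up.
"""
import secrets
import struct

# Flag bits in the low 9 bits of the data-offset/flags word (RFC 793; RFC 3168 adds ECN).
FLAG_BITS = {"NS": 0x100, "CWR": 0x80, "ECE": 0x40, "URG": 0x20,
             "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
_HDR = struct.Struct("!HHIIHHHH")   # ports, seq, ack, offset+flags, window, checksum, urgent
MASK32 = 0xFFFFFFFF


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header (5 words, no options); checksum left zero for clarity."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    return _HDR.pack(sport, dport, seq & MASK32, ack & MASK32,
                     (5 << 12) | bits, window, 0, 0)


def parse_tcp_header(data: bytes) -> dict:
    """Decode the fixed part of a TCP header from raw bytes, as sniffed off the wire."""
    if len(data) < _HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urg = _HDR.unpack_from(data)
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,
        "flags": {n for n, b in FLAG_BITS.items() if off_flags & b},
        "window": window, "urgent": urg,
    }


def port_category(port: int) -> str:
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic 49152-65535."""
    if not 0 <= port <= 65535:
        raise ValueError("port must fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def three_way_handshake(client_port, server_port, client_isn=None, server_isn=None):
    """The three segments of a handshake; ISNs default to random, as RFC 6528 intends."""
    c_isn = secrets.randbelow(2**32) if client_isn is None else client_isn
    s_isn = secrets.randbelow(2**32) if server_isn is None else server_isn
    syn = build_tcp_header(client_port, server_port, c_isn, 0, ("SYN",))
    syn_ack = build_tcp_header(server_port, client_port, s_isn, c_isn + 1, ("SYN", "ACK"))
    ack = build_tcp_header(client_port, server_port, c_isn + 1, s_isn + 1, ("ACK",))
    return [syn, syn_ack, ack]


def validate_handshake(segments) -> bool:
    """True only if flags and seq/ack arithmetic of all three segments are consistent.
    The SYN consumes one sequence number, so each ACK must equal the peer's ISN + 1 mod 2^32."""
    if len(segments) != 3:
        return False
    syn, syn_ack, ack = (parse_tcp_header(s) for s in segments)
    return (
        syn["flags"] == {"SYN"}
        and syn_ack["flags"] == {"SYN", "ACK"}
        and ack["flags"] == {"ACK"}
        and syn_ack["sport"] == syn["dport"] and syn_ack["dport"] == syn["sport"]
        and syn_ack["ack"] == ((syn["seq"] + 1) & MASK32)
        and ack["seq"] == ((syn["seq"] + 1) & MASK32)
        and ack["ack"] == ((syn_ack["seq"] + 1) & MASK32)
    )


if __name__ == "__main__":
    # Constructed exchange: client ephemeral port 51515 to a web server on port 80.
    for seg in three_way_handshake(51515, 80):
        h = parse_tcp_header(seg)
        print(f"{h['sport']:>5} -> {h['dport']:<5} {sorted(h['flags'])} "
              f"seq={h['seq']} ack={h['ack']} ({port_category(h['dport'])} dst port)")
```

`validate_handshake` is the check an IDS or a stateful firewall performs before it admits a flow: the flags must appear in order and the acknowledgment numbers must line up, otherwise the segments are not one conversation.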
Ports
• Port numbers are located in the TCP (or UDP) header; they are 16-bit values, ranging from 0 to 65,535.
• Port numbers can be assigned to specific functions or applications.
• Ports can also be left open for dynamic use by two hosts during communication (ephemeral ports).
• There are three main categories of ports: Well Known, Registered, and Dynamic.
  – www.iana.org/assignments/port-numbers.
The Well Known Ports (Reserved Ports): 0 – 1023 (on Unix-like systems, binding to them requires administrative privilege)
Registered Ports: 1024 – 49151
Dynamic Ports (Private/Ephemeral Ports): 49152 – 65535
Port numbers and associated services
Port 23 - Telnet (cleartext remote login)
Port 80 - HTTP (standard Web pages)
Port 443 - HTTPS (HTTP over TLS, secure Web pages)
Ports 20 and 21 - FTP (20 data, 21 control)
Port 53 - DNS (UDP for most queries, TCP for zone transfers and large responses)
Port 25 - SMTP
Trojan associated Port numbers
Port 12345 - NetBus
Port 1243 - SubSeven
Port 27374 - SubSeven 2.1
Port 31337 - Back Orifice
Port 54320 (TCP) - Back Orifice 2000
Port 54321 (UDP) - Back Orifice 2000
These are historical default ports. A port number alone is a weak indicator: any backdoor can be reconfigured to listen elsewhere, and legitimate software may happen to use one of these numbers, so confirm with process and traffic inspection.
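A triage check built on the table above, as an added example (not course code): it parses netstat-style socket lines, normalises tcp6/udp6, and flags only local listening ports that match a (protocol, port) pair, so that a remote peer’s ephemeral port 54320 or a closed-down TCP socket in TIME_WAIT does not produce a false hit. The netstat output is constructed sample data, not a real capture.

```python
"""Flag listeners on the default ports of the trojans named on the slide.

Added example (not course code).  The netstat-style lines are constructed
sample data, not a real capture.
"""
import re

# Back Orifice 2000 uses different ports for TCP and UDP; the slide gives no
# protocol for the others, so those are matched on both.
_PAIRS = [
    ("NetBus", 12345, ("tcp", "udp")),
    ("SubSeven", 1243, ("tcp", "udp")),
    ("SubSeven 2.1", 27374, ("tcp", "udp")),
    ("Back Orifice", 31337, ("tcp", "udp")),
    ("Back Orifice 2000", 54320, ("tcp",)),
    ("Back Orifice 2000", 54321, ("udp",)),
]
TROJAN_PORTS = {(proto, port): name for name, port, protos in _PAIRS for proto in protos}

SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:54320          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:443            198.51.100.7:54320      ESTABLISHED
tcp        0      0 127.0.0.1:1243          127.0.0.1:40000         TIME_WAIT
udp        0      0 0.0.0.0:31337           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
tcp6       0      0 :::27374                :::*                    LISTEN
"""

_LINE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(\S*)$")


def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state) per socket line; the header is skipped."""
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        proto, local, _foreign, state = m.groups()
        ip, port = local.rsplit(":", 1)      # rsplit copes with IPv6 '::' in the address
        yield proto.rstrip("6"), ip, int(port), state


def find_trojan_listeners(text):
    """One finding per socket whose *local* port matches the table.

    Only listening sockets count: a TCP socket outside LISTEN, or a remote peer
    whose ephemeral port happens to equal 54320, is not a backdoor.
    """
    findings = []
    for proto, ip, port, state in parse_netstat(text):
        listening = state == "LISTEN" if proto == "tcp" else True   # UDP has no state
        name = TROJAN_PORTS.get((proto, port))
        if listening and name:
            findings.append({"trojan": name, "proto": proto, "local": f"{ip}:{port}"})
    return findings


if __name__ == "__main__":
    for f in find_trojan_listeners(SAMPLE_NETSTAT):
        print(f"possible {f['trojan']} listener: {f['proto']} {f['local']} (verify the owning process)")
```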
Network Monitor
Monitor real-time network traffic
Analyze network traffic
Filter specific protocols to capture
The default view of Network Monitor
Displaying captures
Network Monitor Filters
Wireshark
Very versatile third-party tool; runs on many versions of Unix/Linux and Windows.
Requires libpcap (Unix) or WinPcap 2.3 (Windows); current Windows builds use Npcap, the successor to WinPcap.
Can read data off the wire, or from capture files of various formats.
Can also save captures to various formats.
Freely available at www.wireshark.org.
Formerly called Ethereal; the name changed in 2006.
Cryptography Basics and Methods
Three categories of cryptography: physical, mathematical, and quantum.
Understanding Physical Cryptography
Physical cryptography includes several different approaches. The more common methods involve transposition or substitution of characters or words.
A cipher is a method used to encode characters to hide their value. Ciphering is the process of using a cipher to encode a message. The three primary types of cryptography or ciphering methods, substitution, transposition, and steganography, are discussed in the following sections.
Substitution Ciphers: A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another.
For example, let’s say you had the following message:
You can do this easily if you put your mind to it.
And the encrypted message read
You can do qhis zasily if you puq your mind qo iq.
Notice in the encrypted example that every e has been replaced by z and every t by q; the letters change identity but keep their positions. A simple substitution like this falls to frequency analysis, because the letter statistics of the plaintext survive in the ciphertext.
Transposition Ciphers: A transposition cipher rearranges the positions of the letters (for example by writing the text into columns and reading the columns out in a keyed order) without changing the letters themselves.
The puzzle below actually uses a shift cipher, which is a form of substitution rather than transposition: the Caesar cipher rotates every letter a fixed number of places in the alphabet (3 in the classic form). The 13-place variant, ROT13, turns A into N and B into O, and so forth; because 13 is half the alphabet, applying ROT13 twice restores the original.
See if you can solve these encryptions:
1. Neg snve qrohgf urer fngheqnl.
2. Gevcyr pbhcbaf ng Xebtre!
3. Gel lbhe unaq ng chmmyrf.
The answers are
1. Art fair debuts here saturday.
2. Triple coupons at Kroger!
3. Try your hand at puzzles.
Steganography: Steganography is the process of hiding one message inside another, so that the existence of the message is concealed (a cipher, by contrast, hides only its meaning).
Consider the following message:
“Meet the mini me that ate later.”
The real message is every third word:
“Meet me later.”
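The three physical-cryptography methods from the preceding slides (substitution, transposition, steganography), as one added example (not course code): a general monoalphabetic substitution that reproduces the e/t example, a shift cipher that decodes the ROT13 puzzles, a genuine columnar transposition so the two kinds of cipher can be compared side by side, and the every-Nth-word extraction for the steganography sentence. The key "zebra" and the padding letter are arbitrary choices.

```python
"""Substitution, shift (Caesar/ROT13), columnar transposition and every-Nth-word
steganography, covering the three examples on the preceding slides.

Added example (not course code); standard library only.  The key "zebra" and
the padding letter "x" are arbitrary choices.
"""
import string

ALPHABET = string.ascii_lowercase


def substitute(text: str, mapping: dict) -> str:
    """Monoalphabetic substitution: replace each letter per `mapping`, preserving case;
    characters without a mapping pass through unchanged."""
    out = []
    for ch in text:
        low = ch.lower()
        rep = mapping.get(low, low)
        out.append(rep.upper() if ch.isupper() else rep)
    return "".join(out)


def invert(mapping: dict) -> dict:
    """Decryption table for a substitution table."""
    return {v: k for k, v in mapping.items()}


def shift(text: str, k: int) -> str:
    """Caesar-style shift by k places (3 for the classic Caesar cipher, 13 for ROT13).
    Decrypt with shift(cipher, -k); ROT13 is its own inverse."""
    table = {c: ALPHABET[(i + k) % 26] for i, c in enumerate(ALPHABET)}
    return substitute(text, table)


def _column_order(key: str):
    """Column read-out order: alphabetical by key letter, ties broken by position."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(text: str, key: str, pad: str = "x") -> str:
    """A genuine transposition: letters keep their identity but change position."""
    cols = len(key)
    text += pad * (-len(text) % cols)                 # fill the last row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(cipher: str, key: str) -> str:
    """Refill the grid column by column in key order, then read it row by row.
    Padding is left in place; the caller strips it."""
    cols = len(key)
    nrows, rem = divmod(len(cipher), cols)
    if rem:
        raise ValueError("ciphertext length must be a multiple of the key length")
    grid = [[""] * cols for _ in range(nrows)]
    letters = iter(cipher)
    for c in _column_order(key):
        for r in range(nrows):
            grid[r][c] = next(letters)
    return "".join("".join(row) for row in grid)


def every_nth_word(cover_text: str, n: int, start: int = 0) -> str:
    """Null-cipher steganography: the real message is every n-th word of the cover text."""
    return " ".join(cover_text.split()[start::n])


if __name__ == "__main__":
    table = {"e": "z", "t": "q"}                      # the slide's substitution
    print(substitute("You can do this easily if you put your mind to it.", table))
    for puzzle in ("Neg snve qrohgf urer fngheqnl.", "Gevcyr pbhcbaf ng Xebtre!",
                   "Gel lbhe unaq ng chmmyrf."):
        print(shift(puzzle, 13))
    c = columnar_encrypt("meetmelater", "zebra")
    print(c, "->", columnar_decrypt(c, "zebra").rstrip("x"))
    print(every_nth_word("Meet the mini me that ate later.", 3))
```

Comparing `sorted(ciphertext)` with `sorted(plaintext)` is a quick way to tell the two families apart on an unknown sample: a transposition preserves the multiset of letters, a substitution does not.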
Understanding Mathematical Cryptography: Mathematical cryptography deals with using mathematical processes on characters or messages. The most common is a function called hashing, which maps input of any length to a fixed-size digest that changes unpredictably when even one bit of the input changes and cannot be reversed to recover the input.
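The hashing properties just described, as an added example (not course code): a fixed-size digest regardless of input length, an integrity check that works by recomputing rather than decrypting, and the avalanche effect measured as the number of differing bits between the digests of two inputs that differ in one character. The inputs are constructed.

```python
"""Hashing as the mathematical primitive: fixed-size digest, integrity check, avalanche.

Added example (not course code); standard library only.
"""
import hashlib
import hmac


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of `data`; the length depends only on the algorithm, not the input."""
    return hashlib.new(algo, data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests (avalanche measure)."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Integrity check: recompute and compare in constant time; a hash cannot be 'decrypted'.
    Note that a bare hash proves integrity only if the expected value came over a trusted
    channel; anyone who can alter the data can recompute the digest too."""
    return hmac.compare_digest(digest(data, algo), expected_hex)


if __name__ == "__main__":
    # Constructed inputs differing in a single character.
    a, b = b"Transfer 100 EUR to account 42", b"Transfer 900 EUR to account 42"
    print(len(digest(a)), "hex chars for a short input,", len(digest(a * 1000)), "for a long one")
    print("differing bits:", differing_bits(digest(a), digest(b)), "of 256")
    print("tampered copy passes integrity check:", verify(b, digest(a)))
```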