TCP/IP PROTOCOL SUITE WEAKNESSES & SOLUTIONS
Enis Karaaslan
Ege University International Computer Institute
35100 Bornova-İZMİR

Presentation Content
  • TCP/IP Protocol Suite
  • IP Security Problems
  • TCP/IP Weaknesses
  • IP Based Attacks
  • Case Story - Attack on HTTP
  • Protection Methods
  • IPv6
  • SECURE IP – IPsec
  • Discussion & Conclusion

TCP/IP Protocol Suite
  • TCP/IP is a protocol suite which is used to transfer data through networks. It consists of several protocols. The most important is IP.
  • IP: mainly takes care of specifying where to send data.
  • The main protocols associated with it are:
      • TCP (Transmission Control Protocol)
      • UDP (User Datagram Protocol)
      • ICMP (Internet Control Message Protocol)

Relevant points about TCP/IP
  • The TCP/IP protocol suite contains all protocols necessary to facilitate data transfer over the Internet.
  • The TCP/IP protocol suite provides quick, reliable networking without consuming heavy network resources.
  • TCP/IP is implemented on almost all computing platforms.

Addressing in TCP/IP
  • Today millions of computers interact with each other. There is a need:
      • To establish a globally accepted method of identifying computers.
      • To provide a universal communication service.

Internet Address Classification
  • IP Addresses (version 4): five classes (A, B, C, D, E). Addresses are 32 bits.
      • Class A - (0) – (more than 65,536 (2^16) hosts)
      • Class B - (10) – (between 256 (2^8) and 65,536 (2^16) hosts)
      • Class C - (110) – (less than 256 (2^8) hosts)
      • Class D - (1110) – Multicast addressing.
      • Class E - (11110) – Reserved for future use.
  • IPv6 (proposed) uses 128 bits.

Port Numbers
  • Each TCP/IP communication uses a special port number which it connects to. Some well-known port numbers are:
      • 21 - FTP (File Transfer Protocol)
      • 23 - Telnet
      • 25 - SMTP (Simple Mail Transfer Protocol)
      • 80 - HTTP (HyperText Transfer Protocol)
IP Security Problems
  • The security problems stem from the facts that:
      • IP was designed for use in a hostile environment, but its designers didn't thoroughly anticipate how hostile the network itself might one day become.
      • IP wasn't designed to provide security.
      • IP is an evolving protocol.

TCP/IP Weaknesses
  • Protection through the use of privileged ports (0-1000) has little value since PCs have become TCP/IP clients.
  • No traffic priority (easy to flood the network).
  • Traffic can be injected; packets can be stolen or hijacked.
  • UDP (datagram based) offers no authentication.
  • TCP (connection based) offers weak authentication.

TCP/IP Weaknesses (cont.)
  • No confidentiality (no encryption).
  • IP spoofing is easy (weak authentication); machines can lie about IP addresses.
  • Routers can be tricked.
  • Header checksums are not sufficient.
  • Checksums are easy to cheat (weak algorithm).
  • Three Way Handshake
  • However, TCP/IP is reliable, robust and the de-facto standard.
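The checksum point above, as an added example (not from the original slides): the 16-bit Internet checksum (RFC 1071) is an unkeyed ones' complement sum, so reordering 16-bit words leaves it unchanged, while a keyed MAC of the kind IPsec relies on for integrity does change. The payload, key and helper names are constructed for illustration.

```python
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum used by IP, TCP and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def swap_words(data: bytes, a: int, b: int) -> bytes:
    """Exchange the 16-bit words at word indexes a and b."""
    words = [data[i:i + 2] for i in range(0, len(data), 2)]
    words[a], words[b] = words[b], words[a]
    return b"".join(words)


def keyed_tag(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag: cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def compare(original: bytes, altered: bytes, key: bytes) -> dict:
    """Report which integrity check notices the difference between two payloads."""
    return {
        "checksum_detects": internet_checksum(original) != internet_checksum(altered),
        "mac_detects": not hmac.compare_digest(keyed_tag(key, original),
                                               keyed_tag(key, altered)),
    }


KEY = b"constructed-demo-key"                # constructed sample key
ORIGINAL = b"PAY 0100 TO 0999"               # constructed payload, eight 16-bit words
ALTERED = swap_words(ORIGINAL, 2, 6)         # b"PAY 0900 TO 0199"

if __name__ == "__main__":
    print(hex(internet_checksum(ORIGINAL)), hex(internet_checksum(ALTERED)))
    print(compare(ORIGINAL, ALTERED, KEY))
```

The sum is commutative and needs no secret, so it catches accidental bit errors but not deliberate changes.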
Some IP Based Attacks
  • Network sniffers (packet sniffing or eavesdropping): Attack on Confidentiality
  • IP spoofing attacks: Masquerade
  • Connection hijacking: Attack on Integrity
  • Data spoofing: Attack on Integrity

Some IP Based Attacks (cont.)
  • To halt computers (disabling their intended use): Attack on Availability
      • Denial of Service: WinNuke (Nuking), TearDrop, Ssping, SYN Flooding, Smurf
  • Attacks on Nameservice - DNS
      • Client flooding
      • Bogus nameserver cache loading
      • Rogue DNS servers

Case Study: Attack on HTTP
  • We cannot restrict access if we have an Internet site (WWW). A site (www.companyname.com) on a machine is open to attacks.
  • A computer having an IP address connects to our site.
      • Question: Is this IP correct? Can it be a masquerade?
  • TCP performs a three-way handshake to establish a connection. Meanwhile, the connection information must be kept in a buffer.
      • Question: What should be the buffer size? How long should the information be kept?

Case Study: SYN Attack (cont.)

Case Study: Solutions
  • Minimize the time the system waits before emptying the connection information from the buffer.
  • Increase the buffer capacity.
  • Use the SYN-cookies method. (This is used in Linux systems.)
  • Watch the LAN with security programs.
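The SYN-cookies method listed above, as an added example (not from the slides, and not the Linux kernel's own code): the server derives its initial sequence number from a keyed hash of the connection 4-tuple, so it keeps no buffer entry until a valid ACK comes back. The bit layout, MSS table, slot length and secret are assumptions made for this example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: real servers use a random per-boot key
MSS_TABLE = [536, 1220, 1440, 1460]  # assumption: 2 cookie bits index this table
SLOT_SECONDS = 64                    # assumption: granularity of the cookie lifetime
M32 = 0xFFFFFFFF


def _mac24(conn, client_isn, slot, mss_idx):
    """24-bit keyed hash binding the cookie to one connection attempt."""
    msg = repr((conn, client_isn, slot, mss_idx)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(conn, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored after this returns."""
    slot = int(now) // SLOT_SECONDS
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(conn, client_isn, slot, mss_idx), "big")
    # Layout: 6 bits of time slot | 2 bits MSS index | 24 bits MAC
    return ((slot % 64) << 26) | (mss_idx << 24) | mac


def check_ack(conn, seq, ack, now):
    """Validate the final ACK of the handshake.

    Returns the negotiated MSS if the ACK echoes a fresh cookie, else None.
    """
    cookie = (ack - 1) & M32          # the client acknowledges server ISN + 1
    client_isn = (seq - 1) & M32      # the client's own sequence number advanced by 1
    mss_idx = (cookie >> 24) & 0x3
    mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):   # accept the current and previous slot only
        if slot % 64 != cookie >> 26:
            continue
        if hmac.compare_digest(mac, _mac24(conn, client_isn, slot, mss_idx)):
            return MSS_TABLE[mss_idx]
    return None


# Constructed handshake: client 198.51.100.7:40000 -> server 192.0.2.10:80
CONN = ("198.51.100.7", 40000, "192.0.2.10", 80)

if __name__ == "__main__":
    isn = make_cookie(CONN, client_isn=1000, client_mss=1460, now=10_000)
    print(hex(isn), check_ack(CONN, seq=1001, ack=(isn + 1) & M32, now=10_030))
```

Because a SYN from a spoofed source never produces the matching ACK, it costs the server one hash and no buffer slot, which answers the slide's two questions about buffer size and retention time.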
PROTECTION METHODS
  • Network Security
      • Know your weaknesses
      • Use encryption techniques
      • Protect your network from outside (firewall, router access list, etc.)
      • Intrusion Detection, Network Monitoring
  • IPv6?
  • IPsec?

IPv6 (IPng)
  • IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol designed by the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").
  • A larger address (128 bit): Most of today's internet uses IPv4, which is now nearly twenty years old. There is a growing shortage of IPv4 addresses.
  • It also adds many improvements to IPv4 in areas such as routing and network autoconfiguration.
  • IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during a transition period.
  • Class of Service improvements
  • Supports encryption
  • For detailed IPv6 info: http://www.ipv6.org

IPv6 versus IPv4
  • The major differences:
      • Extended and hierarchical address space - 128 bits instead of 32 bits, and the hierarchical nature improves the efficiency of the network.
      • Plug and Play auto-configuration - Eases configuration, an enabler for IP in domestic appliances.
      • Built-in support for IP Security.
      • Fixed length and simplified IP header - optimised for hardware implementation (domestic appliances).
      • Extension Headers - Aid streamlining, simplicity and flexibility, and make the protocol future-proof.
      • Improved support of Quality of Service, Multicast and Mobile IP.

IPsec
  • IPsec protocols are designed to provide authentication, integrity and confidentiality services to both the current IP protocol (IPv4) and IPv6.
  • Benefits of IPsec:
      • IPsec is below the transport layer and thus transparent to applications.
      • IPsec can be transparent to end users.
      • IPsec can even provide security for individual users if needed.
      • IPsec is on its way to becoming an Internet standard.

Discussion & Conclusion
  • IP Security is a very important concern that must be taken seriously.
  • To provide security in a WAN or LAN:
      • Encryption techniques must be standardized.
      • Firewalls are a must for corporate networks.
  • The number of attacks is increasing day by day. This is because TCP/IP became very popular, and there are a lot of people who are familiar with its strengths and weaknesses.

Discussion & Conclusion (continued)
  • Watch out for new attacks on the Net and take your precautions.
  • IPsec will provide authentication, integrity and confidentiality services, but it will take more years for it to be put into use.
  • Using network monitoring tools and careful management is essential.
  • IPv6 and IPsec will solve many of the problems.
THE END Thank you very much for your kind attention
