Topics Network topology Virtual LAN Port scanners and

Topics • • • Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise

Network topology • The arrangement or mapping of the elements(links, nodes, etc. ) of a network • Physical and logical topology

Layer 3 details • IP addresses • Subnetting – Subnet mask • Gateways and route information • Getting adjacency info • Relaxed security enforcement between machines on the same subnet

Virtual LAN • “…. a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location. ” • Software for network reconfiguration • Traffic segmentation and easy relocations

Layer 4 - Transport • Ports and Services • Common services listen to well-known ports – IANA – Easy to organize using well-known ports • Target for attackers • Vulnerable services • Port scanning

nmap utility • Free, open source utility for network exploration • Uses IP packets to determine what hosts are available and up on a network – Port information; Services offered – Versioning information – Used by sysadmins for

Packet Analyzers • Network protocol analyzer • Interactively browse packet data from a live network • tcpdump, netstat • GUIs exist

Weak protocols • telnet, ftp • http vs https – Relevance of digital certificates • Software vulnerabilities • OS systems and versions • SSL toolkit compromises

su and sudo commands • switch user command – su with no arguments defaults to root • sudo allows execution of commands as root – sudo bash ? ? ? • /etc/sudoers files

Firewalls • iptables program – Packet filtering • Control traffic flow from and to the system – Rule chains – Targets – Session states • /etc/sysconfig/iptables – sudo iptables -L

Buffer overflow attacks • Buffer overrun: process attempts to store data beyond the allowed memory boundaries • Segmentation fault, process termination or even modify the return address • Eggs

SQL Injection • $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; • // our My. SQL query builder really should check for injection $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; • // the new evil injection query would include a DELETE statement echo "Injection: ". $query_evil; • SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '

Homework Exercises 1 – Due March 6, 2009 • Get an account on the CS Linux servers and run nmap to gain an understanding on the network, the services available for access, their versioning information. • Explain how you can write to /etc/passwd file using passwd command though you do not have rights (as the regular user) to modify the contents of the file.

Homework Exercise 2 – Due March 13, 2006, 5 pm • Create a firewall rule (iptables) to allow Remote desktop connections to the server optimus. cs. uh. edu only if the connection is from on-campus. • Explain if the http support in gmail still maintains the privacy of email communication between the browser and gmail server.

Homework Exercise 3 – Due March 23, 2009 at 1 pm • Even if two users have identical passwords, the hashes of their passwords in the /etc/passwd file or /etc/shadow file are different. How is this done and why is it done? Explain in not more than a page.