Week 08

Cyber Security

Week 08
Professor Tahir Sabtain Syed
Security Through Network Technologies

• Internet routers normally drop packets with a private address
• Network address translation (NAT)
• Modifies network address information in packet headers while in transit.
• Networking technique used to manage the shortage of public IP addresses and enhance the security of private networks.
• Allows private IP addresses to be used on the public Internet
• Replaces private IP address with public address

2
Security Through Network Technologies

• Network address translation (NAT)
• Private and Public Addresses: Private IP addresses are reserved for use within private networks and are not routable on the internet. Public IP addresses are globally unique and routable.
• Outgoing Traffic (Source NAT - SNAT): When a device on a private network initiates communication with an external server, the NAT device replaces the source IP address of the packet with its own public IP address.
• Incoming Traffic (Destination NAT - DNAT): When the external server responds, the NAT device replaces its own public IP address in the destination field with the appropriate private IP address.

3
Security Through Network Technologies

• Internet routers normally drop packets with a private address
• Network address translation (NAT)
• Networking technique used to manage the shortage of public IP addresses and enhance the security of private networks.
• Allows private IP addresses to be used on the public Internet
• Replaces private IP address with public address
• Port address translation (PAT)
• Variation of NAT
• Outgoing packets are given the same IP address but a different TCP port number

4
Private IP addresses

Network address translation (NAT)

5
Security Through Network Technologies (cont’d.)

• Advantages of NAT
• Masks IP addresses of internal devices
• Allows multiple devices to share a smaller number of public IP addresses
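
The SNAT, DNAT and PAT behaviour from the slides above, as a small simulation added here (it is not part of the original slides). The class and function names, addresses and port range are constructed for illustration; the toy gateway matches replies on the public port only.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"  # constructed address from a documentation range

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PatGateway:
    """Toy PAT device: all inside hosts share one public IP, told apart by port."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private ip, private port) -> public port
        self.in_map = {}   # public port -> (private ip, private port)

    def outbound(self, pkt):
        """Source NAT: swap the private source for public_ip and a unique port."""
        if not ipaddress.ip_address(pkt.src_ip).is_private:
            raise ValueError("inside hosts are expected to use private addresses")
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Destination NAT for replies; returns None (drop) when no mapping exists."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_map:
            return None
        ip, port = self.in_map[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, ip, port)

def demo():
    gw = PatGateway()
    # Two inside hosts use the same source port towards the same server.
    a = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 443))
    b = gw.outbound(Packet("192.168.1.11", 51000, "198.51.100.7", 443))
    reply = gw.inbound(Packet("198.51.100.7", 443, a.src_ip, a.src_port))
    unsolicited = gw.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, 40500))
    return a, b, reply, unsolicited
```

The external server only ever sees the shared public address, and a packet arriving on a port with no translation entry is dropped, which is the masking effect listed under the advantages of NAT.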

6
Security Through Network Technologies (cont’d.)

• Network access control
• Ensures only devices meeting specific security criteria are granted access to the network.
• This includes checking for the presence of antivirus software, up-to-date operating systems, and other security measures.
• Examines current state of system or network device:
• Before allowing network connection
• Device must meet set of criteria
• If not met, NAC allows connection to quarantine network until deficiencies corrected

7
Network access control framework
8
Common Network Protocols
• Protocols
• Rules of conduct and communication
• Essential for proper communication between network devices
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• Most common protocol suite used for local area networks and the Internet

9
Common Network Protocols (cont’d.)
• IP
• Protocol that functions primarily at Open Systems Interconnection (OSI) Network Layer (Layer 3)
• TCP
• Transport Layer (Layer 4) protocol
• Establishes connections and reliable data transport between devices
• TCP/IP uses a four-layer architecture
• Network Interface, Internet, Transport, Application

10
OSI model vs. TCP/IP model

11
Internet Control Message Protocol (ICMP)

• ICMP
• One of the core protocols of TCP/IP
• Used by devices to communicate updates or error information to other devices
• ICMP is commonly used by network administrators and diagnostic tools (such as the ping command) to test the reachability of a host and measure the round-trip time for packets to travel from the source to the destination and back.

12
Common ICMP code values for Type 3, Destination Unreachable

13
Simple Network Management Protocol (SNMP)

• First introduced in 1988
• Supported by most network equipment manufacturers
• Allows administrators to remotely monitor, manage, and configure network devices
• Functions by exchanging management information between network devices
• Each SNMP-managed device has an agent or service
• Listens for and executes commands

14
Simple Network Management Protocol (cont’d.)

• Agents are password protected
• Password is known as community string
• Security vulnerabilities were present in SNMP versions 1 and 2
• Versions 1 & 2: community strings passed in clear
• Version 3 introduced in 1998
• Uses usernames and passwords along with encryption to address vulnerabilities
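
An added example (not from the original slides) showing why cleartext community strings matter when auditing a network: a short BER reader pulls the version and community string straight out of a captured SNMP payload, so any agent still answering v1 or v2c can be flagged for migration to v3. Both payloads and the source addresses are constructed samples, and the function names are this example's own.

```python
V1_GET = bytes.fromhex(  # constructed SNMPv1 GetRequest, community "public"
    "30 26 02 01 00 04 06 70 75 62 6c 69 63 a0 19 02 01 01 02 01 00"
    " 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")
V3_HDR = bytes.fromhex(  # constructed start of an SNMPv3 message (header only)
    "30 12 02 01 03 30 0d 02 01 01 02 02 05 dc 04 01 03 02 01 03")

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}  # value of the version INTEGER on the wire

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def audit_snmp(payload):
    """Return (version, community); community is None when none is exposed."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    tag, value, _ = read_tlv(body, pos)
    # v1/v2c carry the community as a plain OCTET STRING right after the version;
    # v3 carries a header SEQUENCE there instead.
    if version in ("v1", "v2c") and tag == 0x04:
        return version, value.decode("latin-1")
    return version, None

def legacy_agents(captures):
    """List (source, version, community) for every v1/v2c payload seen."""
    found = []
    for src, payload in captures:
        version, community = audit_snmp(payload)
        if community is not None:
            found.append((src, version, community))
    return found

# Constructed capture: (source address, UDP payload)
SAMPLE = [("10.0.0.5", V1_GET), ("10.0.0.9", V3_HDR)]
```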

15
Domain Name System (DNS)
• DNS
• A TCP/IP protocol that maps IP addresses to their symbolic name
• Database with name of each site and corresponding IP number
• Database is distributed to many different servers on the Internet

16
Domain Name System (cont’d.)
• DNS can be the focus of attacks
• DNS poisoning substitutes fraudulent IP address
• Can be done in local host table or external DNS server
• Latest edition of DNS software prevents DNS poisoning
• Zone transfer allows attacker access to network, hardware, and operating system information
• Port 53 – DNS Server zone transfers
• Port 67 – Client to Server DNS traffic

17
File Transfer Protocols
• TCP/IP protocols used for transferring files
• File transfer protocol (FTP)
• Secure transfer protocol (SCP)

• Methods for using FTP on local host computer
• Command prompt
• Web browser
• FTP client

• Using FTP behind a firewall can present challenges
• FTP active mode
• FTP passive mode

18
File Transfer Protocols (cont’d.)
• FTP vulnerabilities – Ports 20 & 21
• Does not use encryption
• Files transferred using FTP vulnerable to man-in-the-middle attacks
• Secure transmission options over FTP – Port 115
• Secure sockets layer (FTPS) encrypts commands
• Secure FTP (SFTP)

19
File Transfer Protocols (cont’d.)
• Secure Copy Protocol (SCP) – Port 22
• Enhanced version of Remote Copy Protocol
• Encrypts files and commands
• File transfer cannot be interrupted and resumed
• Found mainly on Linux and UNIX platforms

20
IPv6
• Current version of IP protocol is version 4 (IPv4)
• Developed in 1981
• Number of available IP addresses is limited to 4.3 billion
• Number of internet connected devices will grow beyond this number
• Has security weaknesses
• Internet Protocol version 6 (IPv6)
• Next generation of IP protocol
• Addresses weaknesses of IPv4

21
IPv4 and IPv6 headers

22
IPv6 (cont’d.)
• IPv6 (cont’d.)
• Provides enhanced security features
• Cryptographic protocols
• New authentication headers prevent IP packets from being altered

23
Comparison of IPv4 and IPv6 headers

24
Telnet
• Protocol that allows users to establish a text-based, bidirectional communication session with another device over a network.
• Commonly used for remote management of devices
• Insecure because it transmits data, including usernames and passwords, in plain text.
• Susceptible to interception and unauthorized access.

25
Telnet
• Remote Administration: Telnet is often used for remote management of network devices, routers, switches, and servers.
• Troubleshooting: Network administrators and technicians use Telnet for troubleshooting and diagnosing network issues by accessing remote devices.
• Telnet is often replaced with more secure alternatives, such as Secure Shell (SSH), which encrypts the communication between the client and server

26
NetBIOS
• Network Basic Input/Output System (NetBIOS) is a networking protocol used in early versions of Microsoft Windows operating systems.
• It provides communication services on a local area network (LAN) and allows applications on different computers to communicate with each other.
• NetBIOS enables the identification of devices on a network by providing a name resolution service.
• Each device on the network has a NetBIOS name, allowing applications to refer to other devices by name rather than by IP address.

27
NetBIOS
• NetBIOS operates at the session layer (Layer 5) of the OSI model. It establishes and terminates sessions between devices, facilitating communication.
• NetBIOS can operate in both connection-oriented and connectionless modes. In the connection-oriented mode, a logical connection is established before data transfer, similar to a traditional telephone call. In connectionless mode, data is sent without prior setup.

28
