Beginning Network Security Monitor and control flow into and out of the LAN Ingress Egress Only let in the good guys Only let out the corp. business How do they get in? Vulnerable services Unexpected format and/or quantity Inside information Accounts, passwords & configuration Lack of access control Weak/no passwords Virus payloads Unsafe computing practices Where do they get in? Network Services Intentional Unintentional User Conveniences
File Sharing File servers Spy-ware Conveniences BAD e-mail Practices Phishing scams Loop Backs Peer-to-Peer What do they get out? Intellectual Property myfip Spam remailers Tunes & toons server DoS platform Network services Intentional
ftp telnet DNS Mail servers http ssh https Web servers Network Services Unintentional Trojans Spyware Web services e-Wallets e-Cash
Inbound Secure Shell Protocol ssh Client Client connects to server's ssh port (22) Server New co nnectio hed Establis n tio connec n Server acknowledges client Secure Shell Protocol ssh Conn.
State Src Dest Addr. Protocol Addr. Src Dst Port SYN Port ACK Notes New client server
TCP >1023 22 Yes No client TCP 22 >1023 Yes Yes Client opens ssh connection Server
Est server acknowledges Est client server TCP >1023 22 No Yes Est server client
TCP 22 >1023 No Yes client Connection established Connection established File Transfer Protocol ftp Server Client Port 20 Port 21 data cmnd's User port User port Client connects to
server's ftp command port (21) Client acknowledges server New conn ection command port ommand Confirm c n port connectio n New connectio data port Confirm conne ction data port Server acknowledges client Server connects to client's ftp data port
File Transfer Protocol ftp Conn. State Src Dest Addr. Protocol Addr. Src Dst Port SYN Port ACK Notes New
client server TCP >1023 21 Yes No Est server client TCP 21 >1023
Yes Yes Rel server client TCP 20 >1023 Yes No Est client server TCP
>1023 20 Yes Yes Est server client TCP 20 >1023 No Yes Est
client server TCP >1023 21 No Yes Client opens ftp connection Server acknowledges client Server opens ftp data connection to client Client acknowledges connection to server Established TCP data connection - server to client Established TCP command connection - client to server
Http Conn. State Src Dest Addr. Protocol Addr. Src Dst Port SYN Port ACK Notes New client
server TCP >1023 80 Yes No client TCP 80 >1023 Yes Yes Client opens http connection
Server Est server acknowledges Est client server TCP >1023 80 No Yes Est server
client TCP 80 >1023 No Yes client Connection established Connection established What to do? Control! Who gets in What comes in Who goes out What goes out What services are offered Privileges
Blockers and Observers Blockers Filters Firewalls ACLs Observers IDS Packet Filters Look at the packet Varying depths of information in headers Accept or reject Depending on rules and filter type Three types Static Statefull Proxy Static Packet Filters Inspect only the IP address and packet header Each packet is accepted or rejected base only on the info in that packet Fast
Simple Stateful Packet Filters Tracks the state of each connection Maintains a state table of every connection Remembers permitted traffic Accepts or rejects based on the packet's place in a state table TCP Connection-oriented Protocol TCP Connection states are well defined Start-up Connected Shutting down TCP States RFC 793 CLOSED Non-state
SYN-RCVD Host receivec SYN Sent SYN-ACK FIN-WAIT-1 After the initial FIN is sent asking for a graceful shutdown SYN-SENT Host sent a SYN Waiting for a SYN-ACK ESTABLISHED After SYN , SYN-ACK, ACK have been sent LISTEN Server waiting for a connection
CLOSE-WAIT Host's state after FIN received and ACK has been sent TCP States RFC 793 FIN-WAIT-2 Host has received ACK in response to it's FIN and waits for the final FIN LAST-ACK State of host who has sent the second FIN to gracefully close
waits for acknowledgement TIME-WAIT State of initiating host having sent final ACK to a received ACK. Wait for a specific time, no response is expected CLOSING The state employed when a non-standard simultaneous close is used TCP States 3 way handshake CLOSED Client Server LISTEN SYN-SENT SYN
SYN-RCVD CK SYN A ESTABLISHED ACK ESTABLISHED TCP States Graceful Shutdown Client FIN_WAIT_1 Server ESTABLISHED FIN CLOSE_WAIT ACK FIN_WAIT_2 FIN
TIME_WAIT LAST_ACK ACK CLOSED TCP States Simultaneous Shutdown Client FIN_WAIT_1 CLOSING TIME_WAIT Server FIN AC K FIN K
AC FIN_WAIT_1 CLOSING TIME_WAIT UDP States Is connectionless Has no connection concept Has no sequence numbers IP addresses and ports are all we have Pseudo-states are based on IP and ports Shutdown is based on time out ICMP is UDP's error handler UDP/ICMP relation is important for pseudo-state tracking
Firewall Purpose Control Inbound and outbound traffic Control in accordance with a set of rules Reduce risk of LAN compromise Ensure you are a good network citizen Configuration Multi-ported host Set of rules and actions Set of states Firewalls Computer System Actions Rules States
Firewalls System Computer System Fast Memory At least 2 network interfaces Internal External Sometimes only 1 interface A desktop that does no routing Firewalls Actions Firewalls inspect all inbound and outbound network traffic Three actions possible Accept permit flow Reject send icmp error message Drop stealth mode Logs action Firewalls
Rules Ingress rules actions for inbound packets Egress rules actions for outbound packets Example: Src Addr. Action Dest Addr. any 172.16.13.3 Protocol TCP >1023 Src Port 22 Dst Port Yes
No SYN FIN Accept Firewalls States New Packets establishing a connection (tcp) Established Connection established and packet is related Related Packet is related to an established connection but different protocol or port Invalid Not one of the above Firewalls Internet Services Application protocols will determine the firewall rules Crucial to know how a connection is established
Crucial to know how a connection is maintained Firewalls Info for Rules Connection state Source IP Destination IP Protocol Source port Destination port SYN flag ACK flag
Hive Pig Hbase Flume Oozie Ambari Avro Mahout, Sqoop, Hcatalog, …. Big Data Technologies MapReduce MapReduce distributes the processing of very large multi-structured data files across a large cluster of ordinary machines/processors Goal - achieving high performance with "simple" computers...
Mutual fund adviser does it all sets up fund (organized as corporation or business trust) chooses investment style puts in initial board of directors Directors (or trustees) are ostensible watchdogs approves advisory contract approves fees supervises conflicts of interest Computation...
ECE 465 Teaching Philosophy Shantanu Dutt ECE Dept. UIC Teaching Philosophy Four Pillars: In-depth understanding of basic/fundamental principles: Besides understanding of fundamental issues, this also allows you to derive more complex results w/o blind memorization (you can only memorize so...
Review of Results from Double Auctions 20 different markets 10 buyers and 10 sellers in each market the 5 buyers and 5 sellers on page 178-179 plus their clones Prediction: P = $13 and Q = 26 results were very...
Both recursive and explicit formula can have both finite and infinite sequence. Ex 5: Consider all the sequences below, and identify which sequence is recursive/explicit and finite/infinite. C1 = 5, Cn = 2Cn-1, 2 n 6 D1 = 3, Dn...
Michal DRÁBEK Robert JUŘINA Poválečná elektrická vozba Tomáš ZÁRUBA Vlastislav WEINER Elektrická vozba po 2. světové válce za standardní se v ČSR před válkou považovala stejnosměrná trakční soustava o napětí 1500 V pražské spojky mezi stanicemi Praha Masarykovo n., Praha...