Software Project Presentation Paper Study Part 1 Group member Liew Jiun Hau 20086034 Lee Shirly 20095815 Ong Ivy 20095040 Agenda Basic Networking Firewall ID: 487454
Download Presentation The PPT/PDF document "Port Knocking" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Port Knocking
Software Project Presentation
Paper
Study – Part 1
Group member:
Liew
Jiun
Hau
(20086034
)
Lee
Shirly
(20095815)
Ong
Ivy (20095040
)Slide2
Agenda
Basic Networking
Firewall
Network Attacks
Introduction to Port Knocking
Mechanism of Port KnockingSlide3
Introduction
Computer network is built on top of protocol stack
OSI Model: 7 layers
Operating system perform networking by using network socket as an interface to communicate to other hosts
TCP/IP is the most common network protocol stack in modern networking
Each host on the network are associated with an IP addressHowever, there are many application that may be performing network communication at the same timeOS uses ports to identify the applications that need to receive a certain network data
*Reference image taken from http://commons.wikimedia.org/wiki/File:Osi-model-jb.pngSlide4
TCP/IP – Internet Protocol Suite
A simpler model consist of 5 layers
Generally 2 types of packet
TCP Segment
UDP Datagram
3rd type is a RAW PacketUsed together with RAW SocketLimited support in Windows
More capabilities possible in UNIX/LINUX environment
Network
Transport
Data Link
Application
PhysicalSlide5
Client and Server
Usually Internet services are built around in a Client/Server model
Server that wish to offer services have to “listen” on a certain port using socket for requests
Client send request (follow server’s protocol) and initiate data exchange using a random port
This applies to Peer-2-Peer (P2P) hosts
Hosts act as both client and server instead of one at a timeAll P2P-hosts “listen” on a certain portThe ports that these servers are listening on are referred as an “open” portSlide6
Port Status
Generally, we can classify the status of a port into 3 types (using definition of
Nmap
)
Open – Active and accessible
Closed – Not active but it is still accessibleFiltered – UnknownUsually we can use a network port scanner to gain knowledge of the status of a certain portNetwork Mapper (Nmap) is a famous and popular tool that is freely available
Network scan can be legitimate or illegalTo detect and troubleshoot problem of network setup
To perform penetration check on firewall
It can also be used by malicious hacker as a preparation for attackSlide7
Firewall
An open port is susceptible to attacks
It is always accessible remotely
Anyone can connect to it (or try to)
A firewall can be used to protect the ports
Firewall is a network security measurementIt can protect the host by applying control to the traffic that flow through the networkCan be in the form of software or hardware
*Reference image taken from
http://www.linksysbycisco.com/static/us/Learning-Center/Network-Security/Protecting-Your-Individual-PC/Software-Firewall/Slide8
Firewall (cont)
Firewall can inspect network traffic
Based on a certain rules, it will allow or drop network packets into/from a host
Rules can be applied to both inbound and outbound network traffic
For server that listens to a port to provide a service, there is still a problem
That port must remain openThis create a network security riskAlthough extra security policy could be apply to mitigate the riskSlide9
Network Attacks
By using tools like
Nmap
, malicious hacker can find some open ports to penetrate the system
Nmap
can show the version of the server applications or services or even fingerprint the OS on the hostSome version of the services are vulnerable to certain attack, e.g. SSH v1.2.31 CRC-32 (2001)These attacks may allow the hacker to gain root (or admin) access, compromise and create more holes in the systemOther examplesBuffer-overflowTCP SYN-FloodPing-floodSlide10
Port Knocking
Port Knocking can be seen as a security mechanism for concealing open ports
If we were to explain in analogy, port knocking will be comparable to the secret door knock in the old days
To get the door open, one have to knock the correct sequence
There might be another question asking for secret password after knocking correctly
Door = PortSecret Knocks = Port Knock SequencePassword = Authenticatione.g. From SSHSlide11
Port Knocking (cont)
Port Knocking works together with Firewall
Giving an extra layer of protection
It is not a replacement for authentication
Port Knocking does 3 things:
Concealment – all packets are dropped except those established connectionService Protection – because all packets are dropped by default, it protects the services behind the portsUser Authentication – only trusted users who knows the secret knocks can open a port and connects to it
2 types of Port Knocking
Vanilla version
Single Packet Authorization (will be explained in next week)Slide12
Server
Port Knock Daemon
Mechanism of Port Knocking
SSHd
Application
Application
22
…
Client
Port Knock Client
SSH Client
5724
…
SYN: 5120
SYN: 128
SYN: 780Slide13
Mechanism of Port Knocking (cont)
Server
Port Knock Daemon
SSH
Application
Application
22
…
Client
Port Knock Client
SSH Client
…
5726
SSH
ReqSlide14
Port Knocking Explained
Port-knock messages will be dropped by the firewall as usual
But the daemon will take note of the knocks
Daemon will change firewall rule after receiving the correct knocks
Temporary allow packets from the client to connect the actual port
Once TCP connection is established, additional rules will be added to firewall to allow the entire TCP sessionDaemon can be implemented in 2 ways:Tracing the firewall logsSniffing packets before it is dropped by the firewallSlide15
Next Up
We will present about SPA and its details on our upcoming presentation
After both topic are discussed, we will perform a study on the issues and problems in port knocking
Questions?Slide16
Thank you