IT103Microsoft Windows XP/OS Chap11

CONFIGURING TCP/IP ADDRESSING AND SECURITY

Chapter 11

OVERVIEW

Understand IP addressing

Manage IP subnetting and subnet masks

Understand IP security terminology

Manage Internet security features of Windows XP

Configure and troubleshoot Windows Firewall

Overview - 2

This chapter addresses advanced TCP/IP addressing and Internet security. It introduces students to classless interdomain routing (CIDR) subnetting and subnet masks, and it explores the binary nature of IP addresses and the knowledge necessary to troubleshoot addressing issues.

We will also introduce Windows XP Internet security features such as Windows Firewall. Proper configuration and operation of Windows Firewall can protect systems inexpensively.

UNDERSTANDING BINARY NUMBERS

CONVERTING DECIMAL ADDRESSES TO BINARY

CONVERTING BINARY ADDRESSES TO DECIMAL

USING CALCULATOR TO CONVERT NUMBERS

SUBNET MASKS

PROBLEMS WITH CLASSFUL ADDRESSES

Wasted addresses

Shortage of address blocks

Excessive routing table entries

Netblock - a range of consecutive IP addresses

…More detail…

Netblocks were rigid, so organizations needing a contiguous address space were assigned an address block that, in some cases, was vastly larger than they needed. One example was any organization assigned a Class A netblock. Who has 1.7 million public systems?

The supply of netblocks was limited. The Class A networks were all taken, and Class B networks were getting scarce.

To deal with the scarcity of Class B blocks, some organizations obtained multiple Class C blocks to support their requirements. This resulted in a proliferation of routing table entries because several entries would be required to support several Class C networks for a single organization.
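The waste and routing-table growth described above can be measured. The following is an added example, not part of the original slides; it goes one step beyond this slide by also collapsing the Class C blocks into CIDR routes, which the chapter introduces later. The host count and the private address ranges are constructed sample values.

```python
import ipaddress

def classful_network(addr):
    """Return the netblock implied by the address class (A=/8, B=/16, C=/24)."""
    first_octet = int(addr.split(".")[0])
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("Class D/E addresses are not assigned as host netblocks")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def smallest_prefix(hosts_needed):
    """Longest CIDR prefix whose block holds the hosts plus network and broadcast addresses."""
    return 32 - (hosts_needed + 1).bit_length()

def unused_hosts(network, hosts_needed):
    """Usable host addresses left over after the organization's hosts are numbered."""
    return network.num_addresses - 2 - hosts_needed

def route_entries(blocks):
    """Collapse netblocks into the fewest CIDR routes covering exactly the same addresses."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed scenario: an organization with 1000 hosts.
NEEDED = 1000
CLASS_B = classful_network("172.16.0.0")
CIDR_FIT = ipaddress.ip_network(f"172.16.0.0/{smallest_prefix(NEEDED)}")

# Four Class C blocks instead of one Class B: four routes under classful routing.
ALIGNED = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24"]
# The same number of blocks, but not starting on a /22 boundary.
MISALIGNED = ["192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24", "192.168.8.0/24"]

if __name__ == "__main__":
    print("Class B block wastes", unused_hosts(CLASS_B, NEEDED), "addresses")
    print("CIDR", CIDR_FIT, "wastes", unused_hosts(CIDR_FIT, NEEDED), "addresses")
    print("Aligned Class C blocks collapse to", route_entries(ALIGNED))
    print("Misaligned Class C blocks collapse to", route_entries(MISALIGNED))
```

Aggregation only reduces the route count to one when the blocks are contiguous and start on the boundary of the larger block, which is why the misaligned set still needs three entries.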

SUBNETTING A LARGE NETWORK

Previous Slide…

This slide shows a Class A network being subnetted first into Class B networks and then into Class C networks.

This is one solution to the scarcity of Class B networks. It creates 256 Class B subnetworks for each Class A network divided in this way.

Each Class B network can then be divided into 256 Class C networks.

CLASSLESS INTERDOMAIN ROUTING (CIDR)

SUPERNETS

SECURING IP COMMUNICATIONS

Internet threats

Protective technologies

Configuring and managing Windows Firewall

Monitoring Internet communications security

INTERNET THREATS

Viruses (the oldest threat)

Worms (the most persistent threat)

Trojan horses

Spyware

Zombies

Direct hacking

VIRUSES

Take advantage of gullible users

Infect document, graphics, and executable files

Often include mass-mailing components

Can carry destructive payloads

Viruses (continued…)

Computer viruses have been around since 1975, when John Walker released a program called Pervade to distribute a game he had invented. The game replicated itself to UNIVAC systems everywhere and, according to some accounts, eventually ended up on UNIVAC system distribution tapes.

Since that time, many more virulent viruses have been written, and the damage they have caused in terms of time and money has been enormous. Corporations spend billions of dollars each year to protect themselves against viruses, and billions of dollars more when their protections fail.

WORMS

Self-replicating

Network-aware

Use bugs in programs or systems to spread

Can carry viruses or other payloads

Worms (continued…)

Worms scan networks looking for systems that are running operating systems or applications with certain known vulnerabilities. When they find a vulnerability, they insert themselves into the vulnerable system and begin using it to scan for more victims.

If a system is infected, any unpatched system connected to the network will be infected, repeating the cycle.

Discuss any recent news-making worms. Describe their attack vector and their payload. Discuss how infections from that particular worm might be prevented.

TROJAN HORSES

Usually e-mailed or downloaded

Appear to be a useful program or game

Carry payload or back door application

Trojan Horses (continued…)

Trojan horses rely on credulous victims. They appear on the Internet as useful programs or fun games.

When they are executed on the victim’s system, they install a back door application to let hackers control the system or they launch a viral payload on the victim.

SPYWARE

Has attributes of Trojan horses or worms

Spies on its victim

Might transmit marketing data or transmit personal data to the spyware author

Spyware (continued…)

Some spyware is voluntarily installed by users as part of a marketing agreement.

Other versions use viral or worm vectors to spread to target systems. Once installed, some versions simply collect demographic data.

Others log keystrokes or redirect browsers to sites that pay a royalty to the author.

ZOMBIES

Payload of worm or Trojan horse

Remotely controlled to attack network targets

Participate in large-scale assaults on public Web sites

Zombies (continued…)

Zombies are planted and controlled by hackers to attack large sites.

Fleets of zombies can be coordinated by one “zombie master” to direct large-scale attacks against targets.

DIRECT HACKING

Relatively low incidence

Hardest form of attack to defeat

Although well-publicized by the movie industry, direct interactive penetration by hackers is relatively rare because it takes time, patience, and skill to locate vulnerable components on the intended victim’s system. Many hackers prefer to use mass attacks such as worms, Trojan horses, and viruses to gain access to systems.

PROTECTIVE TECHNOLOGIES

Security Center

Windows Firewall

Internet Connection Sharing (ICS)

Third-party utilities

SECURITY CENTER

FIREWALL TERMINOLOGY

Packet filtering: The process of inspecting packet headers to determine whether they are allowed to enter the network. Those that do not conform with established rules for address, port, or protocol type are dropped.

Stateful packet filtering: A more advanced form of packet filtering where inbound packets must be received in response to an initial communication from the system. Outbound traffic is tracked in a “state table,” and inbound packets must conform to expected reply traffic to those communications.

FIREWALL TERMINOLOGY

Exceptions (packet filter rules): Rules that allow some inbound traffic to enter your system. For example, to allow Remote Desktop connections to reach your system so that you can access it from work or school, you would enable an exception.

FIREWALL TERMINOLOGY

Allowed traffic: Packet traffic that is allowed to pass the firewall.

Rejected traffic: Packet traffic that has not met acceptance rules and is dropped.

Logging: The process by which firewalls maintain a history of acceptance and rejection events. Logging is often used to discover penetration attempts or troubleshoot connectivity issues.
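The firewall terms defined above (state table, exceptions, allowed and rejected traffic, logging) fit together as shown in this added example, which is a toy model written for this page and not Windows Firewall's own code. The class name, addresses and packets are constructed; 3389/tcp is the Remote Desktop port.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")

class StatefulFilter:
    """Toy host firewall: outbound traffic is allowed and tracked, inbound is filtered."""

    def __init__(self, exceptions=()):
        self.exceptions = set(exceptions)  # (proto, local port) pairs opened to inbound traffic
        self.state_table = set()           # flows this host initiated
        self.log = []                      # (action, reason, packet) history

    def _record(self, action, reason, pkt):
        self.log.append((action, reason, pkt))
        return action

    def handle(self, pkt):
        if pkt.direction == "out":
            self.state_table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return self._record("ALLOW", "outbound", pkt)
        # An expected reply is the mirror image of a tracked outbound flow.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state_table:
            return self._record("ALLOW", "state-table", pkt)
        if (pkt.proto, pkt.dport) in self.exceptions:
            return self._record("ALLOW", "exception", pkt)
        return self._record("DROP", "no-rule", pkt)

    def dropped(self):
        """Source address and targeted local port of every rejected packet in the log."""
        return [(p.src, p.dport) for action, _, p in self.log if action == "DROP"]

HOST = "192.168.1.10"  # constructed sample traffic for one protected host
TRAFFIC = [
    Packet("out", "tcp", HOST, 49152, "203.0.113.5", 80),      # host opens a web connection
    Packet("in", "tcp", "203.0.113.5", 80, HOST, 49152),       # genuine reply
    Packet("in", "tcp", "198.51.100.7", 80, HOST, 49152),      # right port, wrong peer
    Packet("in", "tcp", "198.51.100.20", 50000, HOST, 3389),   # Remote Desktop attempt
    Packet("in", "tcp", "198.51.100.9", 40000, HOST, 445),     # unsolicited connection
]

def run(exceptions):
    """Feed the sample traffic through a fresh filter; return the verdicts and the filter."""
    fw = StatefulFilter(exceptions)
    return [fw.handle(p) for p in TRAFFIC], fw

if __name__ == "__main__":
    for exc in ([], [("tcp", 3389)]):
        verdicts, fw = run(exc)
        print("exceptions:", exc, "verdicts:", verdicts, "dropped:", fw.dropped())
```

The third packet shows why the state table matches on the whole flow and not just the local port: a packet aimed at the open client port from a different peer is still rejected and appears in the log.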

ENABLING WINDOWS FIREWALL

FIREWALL EXCEPTIONS

ADVANCED WINDOWS FIREWALL SETTINGS

ICMP - Internet Control Message Protocol

MONITORING INTERNET SECURITY

Windows Firewall monitoring

Service logs

Event logs

WINDOWS FIREWALL ALERTS

WINDOWS FIREWALL LOGS

SERVER LOGS

SUMMARY

IP addresses are 32-bit binary addresses.

The network portion of IP addresses determines location.

CIDR allows creation of custom netblocks.

CIDR permits use of variable-length subnet masks.

Windows Firewall blocks unauthorized packets.

Windows Firewall exceptions allow specified traffic to pass through the firewall.

Alerts and logs warn of attempted attacks.