REI'UllLIKA E SIIQIPtltlSE

L'MVERSflli:TI "AU:KSA..'lJ~.R MOrslU" OL'RRtS

FAKtII,T£TI I TU(NOLOGJIS! S£ J~n)R.'lACIO!

ARSTRAKT

Knmunikimi "~ in=, dila di!!!' bilk dnk. u pi!:hlrpur me ri"ne I!t=~"d~".

Duke ju ror""'"rYondev< to ~''''' Shqiptemet e tyrc pIl'!~

dwto prolect yoursclffrom ontu:k? Tho aim ofthi< projecl is 10 ....wertbe abo"" q"",lia,", and holp US get an irl...bout the _,turO oflhe rn:twork, ..,wi,), ri,k, .nd also ",

I\IIRE~JOHJE

Para ,;; I!.ii~"'h I jam mir~nJohe. U: gjjtM p

TABF.LA E PF.RMUA.ITJES

KIIpitulli I lIYRJE

1.1 Motivimi , 1.2 Q~llifni , J.3 Metodologjio , Kapilulli 2 RRn:T1 DHE PRm'OKOLLET

2.1 Rlj.u , 2.2 ()p

3.7 Zbulimi; tnUikul " J.S Spoofing "3.9 P~arja 1a>btriml dho vjedhja "HO.3 I'urull\io.it. palc~ur " 3.IO.~ FIZiI.-liddlo "

4.1.3 SulmetDOS "

4.1.3.1DDOS " 4.1.32 Buff.. OYOl'flow "

4.1.4 Yinl'OI dbo programe '" 'i"''' koqdosh~,e " "

Kapitu\Jj S KUr.b£R.'fASAT E SIG1'-RIS£ TEKN1KAT DIlE ~1JLn;T

5.\ Teknil

5.2..1 ColfSi-l>ublik 0;0 shifrimi a.

LISTA E nGURAVF.

Kopirum Z: RRJEn DRE I'ROTOKOLLET

fig 2.1: Modell I ,htr.:Sllv< nc a,ldtekturi.!n OSI ;

Fig 2.2: Arkiloklura c ,immil OSI ,

l'ig23: Arki!elrturn ••

http:D3IOgro.rn

KapilUUJ !: KlNIJER'4ASAT E SIGURIS~~ TEl0iIKAT nilE )fJETET

Figu:a 5.1: Fu.ue punes ne nj.l = Qasjel eshCtbiato>-e Figure 5.2: !>\odrli i shifrimil konv,ncional. FigS,;:30RA Fig.S 4: Shifrin,; me ,.,I('s .,ime1rik fig.5,S: lIute"l;!umi duke p.:!rd",ur ;hifrimin Mlm'lrik Fig.5.6: N

Sb!aut.s,t ...~n1oru""

OS! _Open Sy:

KAPITULLll

flYRJE

LIlII.lin",i

No ~ epof.e 1< lidhje, uni,.",a1o d,ktronik. kur bota!!shtuhmc 111< fa. Dh. sh\l!ll~ bojn!! se ,..u!m peniorucSilo rl'1ld!,i>hem "PO njcr!!zit q! pe"lorin shpejt~l tI! l.rW komunikinti duh.!" meren PRIll'Ysh.

E Yi!""" ~,hl

toir"mbJjUOIl. Faza e anali,~s ItOrlu,m qc ju I~ h'lOni siilh~ nje"" lu:u, ,; ,oftware doe hard""",. nge. brenda c ~I!shl~ Ill! ~-.ndin

\.3 )I.todologjl.

Per to amtur q~lIimin ton!! do n. duhot te hetOjme pmamctrl'li. m~po,htme_

RrjOlK!ran;mete ,i1'llli'" dhe dob"sitc

Sig"ri" nga sulme,

TokniI:at, kuodi'rm'''' ••igurise db. mjotet

1.gjidhj

2.2 0P'" Sy.t,m Tnl.reuan.,jed :'lod.1 (OSI)

No vitin 1997, Organizata Nd!rihtTI:sa osr. l'urLk,iornhtcti i ~d" ,hl"8' .;hl~ ndry.,he nga n,iysloal P!'rvsltol,

Communlco~o" Medium

"

, , , , ,

Fj~ 2.1: Mod.:!i l shtn=vc nil IIlkitekrunln OSI

Kga""" ~.ti!r. nE>e ,hohim orkitekulm.c sistomil OSI. tre.nivdet e .b>mlcionitj3n! L! njohurni! 1Il~1I)TI' tI' qan!; 4'kil

OSI Reference Madel

OSI~rvkes

051 Prntocol. (

I'I~ 2.2: Arkitekturo • ,,;,Iemit OSI

1l,ht~ pribilcgj qc modell OS! p~,h" "sa .~""e ol1""""dho ...i1. Shl=.C ofron funksionali!hlr=~ e lam! )./+1 nok hlo prcl;ur 0'"' rnIlDd Ie Iheu>i "" model; ,.reC imbetur nul: do '" ndili>jc..

•

..... layer N

from Layer ~,

FI~ 2.3, Arkitekturo < ,Iroklure, OSI

S~rv!~oto •Lav.rN+I ••••••

Protocol

..,."(A,pp!lcationJ

••••••

"Total w~ Comm"':;

•

Oecompa••

Information Hldl"ll

-cation Function

OS/-Standards

(NW Man_Kern.n!,

Sewrity)

SbtrIom Interfuc, CHId," dh. "phy.ico1 medIUm'''. Kjo ,M..,! kuplon dhc transfDrmM 'ird"'e~ o!clctikelelektronike nil form~n

Sht.... D.'a Link

N

Encap

),{~n)"ta e lidbjcs:

Shlr= cnjShues•• k,lfu1 no mo

Shtresa e pestl! n~ mod.Un 0 ",fcrlmo,• • rrezantimi~ Kjo sltlrl"~ !:>hIe pCrgje~j!,e p~' 1',,",..1irnin c te dMnave ci!rsu.Wm"rrc., DO formen wofike. Kemp".",,; i \0 .then.vo

l.J r.klokollil TCPJ1P

Poke,•• proklkolli' Tcrill' eshtC zhvilluar pI!rpara mOOdil oS! [9]- Modeli Ilcl"ao:acfs OSllromistonni!.Jtlal~ sMr=. ndt'Jsa TCPllPka ,=b!a>ililz= (fi~ 2A) [IOJ. Ne knihasim me modelin • ",r=,~. OSI. pake..TCP ko Divel tl! 1_ tl! ...$.lij.. sl! ,,,,Ii""! Ie komunikimi! m.. burirru:vc nO desDnaoion. TCPIlP ka komunikim admini_tiv dh" W~rpunlmi! tl! ~ dh'Ill,,",' Ie b"u.,hm •. Aja ka dbjctra komJ"leshlesin "j~-

1---···.··----------·--------·..-.... ··.----·------.··.--...•••..-•••..•.": , ,i i Application I ! loverL.__. _.•___ •

, ,! i---i~j.---f_.r---- ---1;--- -----!-..:--;GW-1 i l~~~~~~~~~~~:'-----::::::::::l·:::::::::~-----~~::~~~:~-j

:---------------------------- -------------------- ---;---~ :, :----------~ (....._...----------.., ; .........,., ,~i L._~_j' IL~!~":~~~~.J-L_~.j ! ..,., L-o-c----······· .. ··..,.~t--C"---------··--..; .

...... j)-','v=-'-, ,L __ ..___. ___._.

, ••--••••••••••••••- .-- ------------·-····..·1

1.3.1 Shire,. Link

K,jo shtrese ~sht~ njolrur n

"

""!"""!",,,p ~""l ~>I tuVllIlllp dI :W!\I.Ji(J >!l!!jllIi!d-"-UOJ"uuuJul :(W!qWll~ :iiltlIILp.g •

"d] f"' , 1l;lO>'1"l ow J.np.mq f'" .' '~"PU' ",tw0J~" '[B' ~ ""r""d 'ill""''! l!"'n~l~ '1lI! [li"d ~"dOl 'P"q po"" ~ ru UO.IotI'!lI.1On ftlI'II Iml"P , ~""'" :.nrV ~!"! [\l.Iild

"II11jmIl~"ild ~l dI ~f" l~P""'1 JOtlp.mj ~ ;"'1'" B[U fi.!.!"W iI l,d o!\o,d ~f" q"l{l'" ill~'; ""~J~" 'u)l>!u ~1l'1ill

.. J,p:>"UIUI ",,!lIllIo!U. *!["" .f" '.rnv ~

-191 !!'I'!'I1unwo~ i!l'I"fI'lS ,,~r"H 1'[UlJjd;)1l1'=~ ;If'''illOIA ;ll pun", 01!P ,,'1'= "013J""'"1 ,"wotjl3:" ow l~OJ!P In'!P!l ! m~'~ ttl.,",,,, I!UlH!"mIlO~ ',~ ~qt(1::r "',""" "~P' Ptlnb "I!';l! ""p;mq 'fIS"'''' ;n l!q·S~ ~'OJP" ." "'lll illITIIIJ[ITIIlIDO'{ i1l ~'" am ",ill ~fu lqW UO!..IWO]tI! "rO~l'p .... TImd lod ~!q-1:£ dI ~'OJp1l >SO "'l1!li"j "0J)l" ''IP' nu(Imb ~l'!'~ IIJ!'> • '""""I'V • ,,!,,01"""!IS"P "/P DJW!""I q • 11P!'n 3 =rJll'l .•nJV'd oqp .ruvl(U!1 ~ 3 IOno~","'d ~au"'""" 1!IO!'n 3~"" u\lUl!li'!\!wHIIO'I n wiSl'W m"'IP RDlttplUSllt!.D '" ~~l ! JIU!l"'drnt1I

\OOQIDJ"d uOllnlo"H """'PPV ITn:

JlIV1I oqp dlIV ~MIIO~OIOJd~' '~d ! f.ltu,~S :9't:f!j

S$;;uppe ~aW~tn3 'SlIq'-S~

d. '" "IV SSaJPpe ~aWa~LlI 'S~!q·lE

http:JOtlp.mj

Ne sh_~_ data link. othemel dhe rokd!!sish,'" i shtrcsEs >I! int","""",ashlu.i dbo p('rle gji!l!< komunikimln ;nlemel....mking. Strukturo e prolokollil Ii: ,hlrc,~ s! Internetil ~ datagram, IP dh. vdo dat'wam !P kon,j,M[ nil burintin e ad,..

-

d""linacUmin e adme. IP c ella 1!shtJ! nga n-b;, n~ adr,ol!n fizike [lIJ. Duh ."Mid«u"r skeDlirin • shtn:sts SlIr.ll1Iw'; .jom

,

"VersiOll" njoftoD ",,,iom,,, !RniID'!m til IP q~ ckzi:lton oil d:ttn_rnIP; 0'. !.hl~ ~OD 4 0.. 6 ..... ypc of .....ioe" ~on ,herbirn. Ii! ""WIlla"; voneso"!. xhirojl dhc 19,tojae1j. ""Time 10 Ii'c~ fshtl! nj~ njeb....im tn" u....!rim mbrnpshqt grruIn;tIishl:", meodj .. '" tijl,.j.

Lc 1~ marrim oj< ,hembul! [13J. Shqyrtoni trafikon IP me aplil=ionin TCl'·dUlllp q~j.p te infonnacionin e n.voJ

2.3.2.2 P,.lnkoUi ICMI'

Di,a prej dho protokollev. "~ POPUIlDfe n~ ,htr=;en 0 rrj"'it n~ pokOI('n TCPIlP jan~ lnlnageme:nt Protocoi (JG),1f'). IQto prottlb>U. punojol! sa,o"'k' , me protob>lJin IP ohUagr3111 ~ q! db~ edoo replay. Pe dcstinacioni )"!\

--,,, eM, DnnIpll.~ -QIl"J· ~

•• • , Dostiru>tiOll unre.ctI.blc: t N.m~rk ""r=~Mble• I'1, H"'t~ •

1 , Protocol ~h~ • , PorI "nl'l'",clulble • , &1iT

Ll.l.3 ProtokolJi IGMP

Intemd Group ),fanogernont Protocol (IGMP) n&ian III< int

Actiye RoUl

Nivelli P,.Wkolleve Ii! Slj:urJ.~

2.3.2.4 P",lokolli II'S..

IPSec lshlil Die shtres.l! prolokolli tl! interno:til c db .fron siguri no! shtrelaJ. ~ inl

~ Architecture

~

Authentication

Protocol

Encryption

AlgorJthm

'0)

AuthenticatIon

Algorithm

'" I ManagemQnt Fig 1.14: AM'

N! m

eekn-eAH IIolSP

Ott.IP heade, TCP/I? hwder Data (ll> Payload)

Allin TUn,port Mod.

0..1!0 IP h••de, TCP/iP heade' D''''IIP Pav!odj

(Payload)

AHlnTunn

App1katlol1

TCPIUDP

Dal.

m D313 .~

'Tep,Or;:., PIli";,. , I , 'hdr.,,', , ,-">- ,

oril: ~, .

TIT 'D.t. '" " M, ,~ Mi i W,• , . , " ESP 3ulb

rnaspoo1mod.

,\ppU""dOI1

TCPIUDP

,

" "'"' "

Dill

" D.t. , m", .

, 0., "TcI'~ ~1).10" ,

,

0", '·iI.l.TIT ~ . . JPlIdrl.. Mr-,' , ••.• . ,

' hdr)f,1P bdr ... -- , ' ~, m ,.. aulb

,· " 'u","ESP ~D314',~ ESP . ESPN•• • 0",. :~Z: 'l•••!

Shiro... e 'rampo,lit WItt! ,ht"", 0 trctC nil ~!en 0 protokolleve TCP/lP 0 cil. konsi.lonkrye

moddo t~ ndry.hme arkitekturore ">< heade,. Kornklenstika kry'loro c protokollit l~ 'htresc rep c.ht~ protokoll i bcsuosMm. N~d~ men" njolijo ""'~ e eobimil Irr_d~ dcrgon p&sGri pakoume m~ pak gabim. drojt poo,"e,it M! [lO,hlf ":ill!" figura q! trogon disa korokto""ika ,hum~ t! pmtolollit TCP (fig 2.17) r61.

,o 15 16 - " SourcePon DestinationPon

S"'JUcnce Number -

Acknowledl'tem~t Number

H. lm

R~. U R G

A C K

P S II

R S T

S Y N

F l N

Window

Checksum ,Urgent Pointer

Opti= Padding

Fig 2.17: TCP Header

Poria BurlOl dhc De

Kumri ,.kUCI1cor dhe konfirmim:

Zbulimi g.blmil o.hle b~,~ "S" oumri sekuen

1) URO Bil: Ky flarnur ""~on k~kosl!" urgjenle te dhl!nave: ai eokton prloritet me lC larto n~ p.ketnl urgjonte.

2) ACK Hil: Ky flamm "(l m!'parsh~m 0..

50 Da/agJomo pEnnban ndoDie vkfetl! v""","" n\lll!Cr Djohje.

3) PSH Ilil: Ky flarnu, ...gun. bit shtytje. Ate punojlll! Irun~r bitil tJ"RG• .

4) RST Bit: bit RST ""~on k~rk,,~" e risi,lhl~ m~ 0 ri!ndi!';,l\mo '" besu

0 " II Soum:Pon Destination Port Mcss~ge Length Checksumf'

Data (ifany)

Fig 2.18: UDP Hoaclor

l'ii..U I ProlOkoliove Il Sigurue

K10 din pmtokolle to dial cfrojn< ,iguri n~ s~.tnIl1spMi~ l'rotokollet jam::

Secure Socket I.ay..- (SSL)

T"IIl'p"n Layer Scour;ty (lLS)

• S=Sbell (SSH)

n gjlth. p

Client

Secure SSH Tunnel SSM enllty SSH entity

TCP entity Unsecure TCP connection TCP entity

Fi~ 2.19: Udhj. TCl' n!pi!nnJe\ IUndit SSH

N~ ",!,,)r.,e Il.!;iashme SSL dh. TLS ofroj~ 'isurl n~ OplikaClOnc:t weI> n~ nive] te i""'>purut (fl 220) [14J

. . .

. '" HTIP FrP SMTP

..

SSLorTLS •

TCP

IP Fl~ 2.10..Nlveh I lrlIIl:.portlt n~ Web S""onty

2.3.4 AppU

protokollin UDP l< nJohur ,I ~pl.ikaciQn -Me",~o~ dbe n~ lidhjo me klto aplikuciono n! sh1r

2.3.4.2 PmlokulU PIP

Prutokolll cili pWloret pol' 12 tnucleruar ,""dod! nga burimi ne de,tinaoiun quhet Fil.

Transf.,. Protoeo[ (FTP). FTPUOIlskrnnsJreJ;r'lnemOny!!!rl!sillUJleoRabtnimilll!

dcsti""don peunes local area ucmwk OS< ....ide rea nelworlic P!rpan>.., to .'!n tidhjc t~ ,igurti1 !Didis ",..etil dho klientit n< aulhontikimin c pordo"",h.

Njo ~'l,r tipO! i flP protokollil eiilite 50. si hijen tidhje t!! dyfi'hta rep mes s,""orit dh.

kliollt'" l'(i~ lidhje ~,hto por autoJ,tikitnin c p.!rdorue'it dho e dyto! p.!r ""nsmetimin. to

dh,nave •

• •

Nivdi i 1'''''okel1...< '0 SJRu,is~

aient

,-------------------,

,-,,

~. Use'lotenace

Server

~--------------------CcnltolUse. Protocol I :I Serv., protocol

Interpreter ,, inte'l'tel2t , ccnnection ,

·U"" data

Inosf•• functlon

,,,,, , ~., , Serwrdat; m.fll. , , , ,, , CCMection , uan./erfunction ....1.10~'JStem , , c__________________""'•, .-------------------~

Fig 2.2J: P,o!7",i i I;dhj" fIT

Telne\~ njMjebl' oplikacion i fllm>hl'tnnl! persl"'ktivl'nc lidbj", .. njciit no m.. dy host"""'. Aklmtlisht Teln.! ofron lidhJ. n~ In"" te cdo ho

Telnet Telnet I..ogin Client

-------- .....~..... ....-2~$:..~~ .,, Pseudo- TCPI TePI Pseudo-Terminal " " Torminai drive, -. driver

L ____ Kemel ------ -- ----- ... ------ Kernel -----------------Tep connectIon

Usc.a• ........'oal .

. .

"

KAPITULLI3

K£RCEl\ThlET E STGURISE sit RlU.ETlT DIIE DQBESITE

Sigurla e Rrjnt.tik, IR:gII3f n! figun'!n3.1.

-". '" .'®

o 1\Pll!i lI,,,i1\l9l! 1999l11X1:11llI:!tll2 ?OOl"l>'200!

FJ~.3.1. (A) Numrl ! du1>e,ive t~ gje!"ra (B) Numri i evenj,yo t~ raportuara

Kdlkimi i ketyJe pi kave Ie do1>e,iv< dbe keroOnim,ve 'jell'" ndr}'>himio 0'" modilillmi!l e jeni

Kapja e fjal!kalitnit ",ht! nj~ IeIurikC n~ tI! oil

, jashU! lomp"'UslL P~rshernbull 01:.",,; no nog";I~' te dhonavc t~ dcpanameotoye h«i • paper:shtlt>hmo nga admi"i"r4iOrei pcr pl'rdoruo,il qil i p~rh,in nduqje dcpartamenl tje.a. Ne kl!ll! .... ,.dmjDj

9do i hun) 0 .. hacker q~ mund t~ ~j~ disa ndryshimc dll, pl'rstlnaoion,

Mung""." ,hifrimill~ I! dh~v<

P!rcioruo,; i cili ka to dro)ta pl'r to 1= I~ db""at ka £jim,,",,!" I~ dr")" po, Ie

.hkruor.

Mckoni,m; ; kontrolll til qn,jes q~ le)oo Ie d,ojta t~ paneYOj,hIne pl'r te shknw.

MWliosa e ",jele,'" If mbmjljes.

3.7 Zhlimll T",fllrut!f Rej.1l1

Kur no flasim plr ';gurin~. I! dbi;nav, ••hillim qe ka dy tipe '" nJI)">hIn. t~ dh~nnsh, ,~ pari upi i W dMnave j oil; nciodh", n~ kumpjmer dh.lipi i dyW Iru, I,"nsf"ohct ngo nj~ makin! ~ o,i~ tjet!ro,. ~ ne njoM 0 ~«iorueSY

3.~ N~.rj•• Funk'ionl! tU Rrj,tit

Funksioni Ib=clor i ~dQ njot; ~,ht~ q~ W nd.j~ bwimet dh< infQIDUW. P~c ndodn

brnjoti nul: ka ofrm'" funbionlllil!ite\i< "'" nil funhionalitc1. \C ndlyshme.

Dis.>. ~et ",und Ii! pl!rg.tita> ¢,t! l'n~ p.. per

nul< ooh«! sJ;theporfshir~se. disa ""ziqe mund te k,ne clemente t~ pCrb""hk!!ta n~ [",ha t~ yem [25],

3.10.1 Gabl ...1dhe U,blmol

KUhum! sohinn: lCpaq!lIim

Figure 3.3 Sbl:oltrrirnii infr~. ¢Cshl;a\; t! l~rmelcy"

3.10.4 FI,ik. dh. Infraotruktura

!;"donj!h",~ nalyra tr,son fuqiDll 0 ,ai_ Ai" h~rthl"'et ""llh'ike. sh¢rlhimct I>fn uif. humbja c komWli kirnil jane di... ngo _w,,,,,,"jl, tc dial mund Ie ihkaktoi"~ dome n(l «l gii"'! infra:.truklurl!n r"ike dh.'~ rrjCllt N. nuk mund tc h3rrn)",~ Qenmtn Bot!!ror. U: Trogti'-'! dh. O"n'IIll. Diso 11g0 k~W ,hkat,rrimo "mJtojo" nc m~nyr. 11) popri'"m. P~r "hemboli nit! "ult! ne dimOr, edhc P" IT]ctiju.:l) kompjutcnk !!"hlo! IOre,.;sh! funksional, I\i«hkak I! h~:s.c inf=ruLLurCs..

Fig l.~. TreSO' humbj

3.10.6 Ku,hlet • Aplikim". KeqdR,b!••

Programet. kcqd.:iliCs< j"n~ t. v~,htirll pl'r lu ~buh"". Ala m"nd ~j.n~ 1~ jnstRluar. perw",~i"'t n~ nj~ rook; nf .5O It' nd

KAPITULU4

SULMET E SIGURIS£ sF. RRJETlT

4.1 ""fponw:shm~ri. e 10 ditCn.n quh;:, DdC:rJl",Ij~. Di,pOll.' ,cshm'ri3 munarasle p.'!, ."kol

http:novoJ.hm

• " "OR~AL FLow

~ .~. " .

-~--

• .0. , S,u.i:, »..lI .."n

• , " •

" " ,

. ,

• ,

" , \' :

, " " .... -

, DonIHITZ ••

• , "

rigA.I. Llajet !h

:-;~ b"," W ~,yre kat,r sulm".. no mund t~ kl",irlkoj",~ mil loj ,ol""t • "guri,~, ,i sulme pas;>" dhe ,ul",. aktivo, Sulm

,

~ eo

-{ 'u

'0

o ..

o

...

.. ,

..

.~ ..="-.." ,

o ..

....

..

o

o

,

..

•

..

..

,

..

..

,

..

..

Figure 4_1, ~"Imot Aktive

"

4.1.1 SlIlm.t • Zbulimit

J.-Ib)odbja

Disa ,"1m. them.lote to zbu[;mltJono: PIICkel Sniffers

- Port ""an and ping .....,p

- lnLemel inforIIllll:ion que"""

4.1.1.1 r.deISniff," Si~ k"",i d;"ku!uar mo p"~ q~ t~ dh~n.t 10 oil.t udhW.jn~ noper njct ""kj>ll< n" n;cdMn e v:r7hdue>hmo t~ tt! dh~nav., purjan~ "~ fonn"" 0 pRket ••e. Sj~ • tin c ..wi,.!':; ~ pRk

p~rdorur hubot. r~, Wshmangur passivo ""iftLOg 'humica e nj

Switchc:t JlUl'njn~ n< OOZO t~ adr"llfiVC MAC, AUI ",blljnc nje tahd, w.ldrcss ",olU1ion protocol (ARP) ll~ "iO tip ,ped.1 memOJj< to qu,jtur ConLon! Add,',",abl< Memory (CAM). Tobd. ARP ka ,! 6liiw.., informa1a1 ,. hkon n~ nJ! menyre failo!'"" [29j dhc nuk mund tii k

4.1.l.2 ron So.n dh, PiD~ ~,,",p

Pon ..."" olio ping ,v,c:!emojtlll;; 10 Illalladll. eiMjone plr q~lIim.diagnostikuc••. t'ping ~.bl< nj" m,jct 1 perdorur plr kry.~en "pinS "'...p. Duk. ponuor ne funk,\on Ii! mtn,bullaket ",hill, met"[" nj(! 1i,1i! t~ adresave lP ,"(!rgollllj~ pako ping pOe njc adrefit! lP dlt. menjfu:ro vazhdon n' cirejtim l< adrcs!. lP tl! tir

~!nrnll!' ~I ~w """"!'

~rn IIUmnI .Il;!

'~! "".1'11 "l>II0~l1q ~I ~o[[ IU\!"'I~ in =rt>fdl;!d A!'11gOP • ",!!Iffi~S

. lll"lltlwnl'lw"'l 0 ~"I"~Ol1 ,m 0ll

"''"WN'"'!' "'"",lll.[nu,.a"rr """,'I'!' II(Id Ol,~ ,U 1II!1n~""I'"" fIUl'f OU'!qJe

n ndjej~ si~uriru! • fj.l~blunit P,~,word crocking mund te j>hJurct p!' til rekup

-Trost Exploitations

4.1.2.3 1'011 R.dlrldJ,lrin

Port22

Port Redirection

Flg~", 4.7 Port Redirectioll Amok

4.1.3 Sulmd DOS

LlQj

.

,

undosornje fillfr i eili 'Jnu."rton md.Hn < lC dhCJIao.-.; n.!

4.1.3.2 lIull" Overflow

.:'-Ie rnund Ie p qo bHllon"~ ,i

KAPlTULLIS

Kwmf~RMASAT E SIGURISE TEKNIKAT DUE MJETET

5.1 TekniJIJIi • Kund~'m.'.vo ti! SiK"'''''

Tdmikat p"C 1~ njetit TCPIIP dhe toli I punt's '" I}TC). perfOtTn.m:a Iwd""like n! nj.~ kCn:enimet e siprise dhe pika l~dobet!1Il! ITjet. Nii:'.gWwri c = "PO < .jetOr I"llIIt\d II: bc""hct nj~ .hkok per dobCsi n~ njet. I)uk. lwnslderuar analid!n c m~pI!rmo. ,humo o~ta k~tkim"'" kan< ""ktuar di.. ",tn;,," IhdbCsote ky~. If kLm

• . . ..

... . • C , Opl(mJz~ . .>, . C. Plnn. . . · , .-"

, . (

.

, OrwratJon Dc.I~D

, . , . •· ' .

... . ,. , linplem.cnl

•. . ... ;>

,

.. .

F;~"," 5.1: Fazat "pun!' ~~ nj

••

5.1.1 P.Utikat e Si~rl,U

Nj~ pOliliki: clOne.

~,I..J Dotektimi i Aklh·il.I.... ti Rrerik>hmo

l'",nia e ,",Iomil ;ntriI,lon d'iootion ka nj~ TOI t~ r!lldO,i.mom ll~ kunMrrnason. oiKLirls~, Studimi dhe "",lizimi i ,kodor!ve te logimit kund!!r olI!. ti! mbrnjturtc db!"", n!l" kOpj.. Duhct tejemi t! .iBu~f q~ te_IonaJronfodoncWc Q! DlOS kuptohennga perdoro'" tejashttlIL Kriptogrofia f,htl! ,tu

laipl-.:tCm eslua 1 ndare midi. d!'tgIJOjn~ vo

S.2.Z Shif..",o, K~,,""nciou!, ...0SI mo'dl••

Aio ishln • ""'mi. >kcm~ ,hifrirni nil di'poLi

~...c Ir c.....TI ..., C'''''IU''E~

" ~....,.,,,.,, , , ,

Fi&"ro 5.1: Modeli i ,hifrimi. kOllvcncionai

~"jI: gje eundesishm. e.bte so ,;guriae .hifiimil kon'"""iomIi Yare"{ nil" ~\e.i sdKtjo nga olgoriuni. f.dbo I\UO dijrne lelslin

No mwKI.~ krijoj~ "j~ ~.j", m

l'" Plain Ton

P~DK/[1'Jl.2{DKJ[C}]]

IDEA, Blowfish dh< RC5 jani: disa.sh'mbuj I!! disa'hifra,'e t~ kod= ,i",.trike.

Si~ e komi cii;ku!WIr mi hcITt ,e r~' komLLwkim te .igurt o! mo. t~ dy pal~v. dull,! I. k

;.;;;.., A dh. B kano pCnIorur m! p"rdorur nO shifrim« kon'l'Dci"",t~, ,,';metria pCnlo, dy .,.1""" "'"""ont!!. P"'e Key: Trarufonnim; nS" algoritrni ,hifrim;l >'RIt:! toblisht 0&0 low ~clcsa nto ~1"'\ j:m1 7.gje4ho, nc metyrl! \~ tille q" nc qoM5O djkush ,,:ilitc pl!rdomr pl:r shifrim, ~etri !!;hW perdorur r!' d"hifrlm.

4. Ciphor Text: Ky ~sht~ dalja e "'e,,,mit I~ fh~uar.

5. Decryption AlIlOrithm: R hmdarta e Itlgorilmit til shlfrimit.

S,:l.3.1 Puiml

(,01"",) publiko dhe privatei_ pOtdomr ne ,hifrimin mO ~cl~' publi!:. .

pl!n1OIttn~ nja rn~tjeti!r (Figura 5.5). Sbphnejemj m! III intcresuar"~ inl:grith1rim

Ii PRb ID:uwy':" pri>1lte

K"

1\4 -....

,

Fig.S.5: AUientik imi dole p

Dull.. t!j nj~ pale cll'Ole c ciIaqubet Certificw Authorily (eA). Ky amoritet~sl"" be>u,.."g' komunileli i Jl!~'" owrnl toi.l~ ¢o organi'.at/! qeveri,",o~o lCshOJl. nj~ oertifikate e ola perbChot ni:" ~cl~si publik, 11). pcrdoru"it t! zot~ru"i( '" ~elo,;t clho n~ fund i RiitM blloku n!nshkruhelng. AK. X, 509 e,hlo Dje ,kom~ ,lIIndarde q~ perdO,,",IILO shmnicCn c aplikaolnnc;'. 1

KAPlTULLI6

ZGJIDRJ.ET E STGURISE

Nc Ut~ soktor do t! diskutojt!ll! mj"'" tl' ndryshm••igurie dhc aplikacione tC eila!j~ ¢r'lorur .£ie~ishl tdh, n! diU'11ooa

6.1 Aplikim,t D! nivol .~Jdbj.

Zsjidnjel "SlIl'1ris~ o~ .hol t~ aplikimit U' ndRIf m~ I6.1.1.2x.s09

Ky ~sht.'! nj~ ~

~rdoruo:>i~ Ii! nln,hkruarng' p');;"i pri\"3t i alij grupi Ii! bosunrdho ky grup quhd Certificate Authority(CA).

6.1.2 NiHli Email

Mo e po"!niorura ilCfCsishI dh¢ nil ttll}! !sIlli! """'" ckklnlni l .. No do to dihq1Ll\ilur p~rpjekj. 0nj~ burrl Ie velful Philip R. Zlmm= i cili ,isuro; be""",hmen•• db. shl!rbime autentikimi pI' e-mail. dhc doljet OfIlik:uese Ie ruajtur:l. N~ di,~utuam shwna ~ kodimio konvero:ilutl i cili I'shl~ i sIlpcjlll, i baruar n~ nj! .KicdlUe Ii! "e!mc: diu: pI!~p!r Ie d)'jakodimin dhe drkcdimin. Sokteti i kt".JOCi; kodIIni ky .. dh. tcksti kodu

2- B=eshmw : pop ,iguron konfidem,j,ditctin _ koduar me,=Jrinmi gjellero" njo lIlo...h me 12S bit seon .. ky,o • oila ~Shl(' r""t~,I,ht • prudhuar velhttp:Watl!.ithttp:marr!.in

duke kudoar. n dlia POP dhc SIMl\fEj_ n! ,t""d:lltot IEf 11 por Sf.l.IlMI! ,he"')ot Ill! oje """""'" industrioL

6.1.3 Xinli IF

Duko aplikuar ,;gurine n~ nh..lin olP murn! II! .i8uroj~ ~j, komunikim te 'igwt! per 'pikU"'"t qe kan~ mek.ullizma tl ,igurlo, gjithashtll p~r 'plikimct me sigun 10 dabot.

6.l.J.llntornc1 Prot•••JSt

S- Alwfuni aulentik1mit: ",bulon pjcsCn 50 si struktut:!. • v~netimil diu: a1g",,"";' f'o'!rdorel pe.- AHdbc pe. ESP.

6·F",boo c intCIpr,tilllit (DOl): VI""'1 Ie cil.t j me II! tI:'rtuara pI!. dokunJ ""..t. ~o:a p~r tu lidhur me njl!m ~o_jonll t~ mbulU.!ll'a "S" DO).

7· !ikojm" ledlia • mbrojtjen All dbe ESP nil nje nivcl trafilrna1!!he~ dtJ t! n.o duhmdy Shoq,ri Sigutimi. MOnJ'TI' C Ir.msportit dl,. tunoli ; tt_pOrtiljome cly lIojot. ,hoqOri'o ,0 ,,;gurinlit tl oil.t ,igurojM Ilojo l< noJ}"hmc mbrojljesh p1r til dl,.",!. N!

lOnneo C transponill"b",jtj~sigurnn ponokolli:"cnj~ "i.,] «! ~.i~ f>b..: TCP, urn """ [Clot' kwse r>kOla c with! If'!. h!~ • mbmjUl' Dg!llransl"'n; lund ( e ¢ ..hkruarru! "b,len e mur i IPS !,In~ III ofrojc Slgurin~ o t~ gjith, oplikimc"" ~ ,hpernd",. 5i~ !,ht~ lnm>fcnmi i ~ do!"""", hyJja e dob"~ b)~. nC iIltemetdho

(SSL)'T"'.'port La)'., Soourily (TIS) dhe So, "'0 Etootronic T """,action (SEn t~ cit.. Jon. pcrdomr ~ sigurinI! web.

T.b.t. VU Transport Mode SA I TuI1net Modo SA

6.1.4.1 SSUILS

Qnsjc Ie ndrphmej3tll! p!rdorurpjt dho no Olund lli mlr"jm~ (r"Jikun. },"j1 tjet~r 7.gjidhjo e,blij (I~ I" ufrlljc ,iguri vet~n1 ",hi TCP (shih fi~urCn 6,2), S~T. e,hl~ ,~~ Ilg" mcioollznlO' m~ t~ p~rdo"'hm< 0 eila perdor mckoniuTlo lli

2. E njijta tdmikl! p!n>lri'ItI' per:o:n= l:ootrol!on ~.nir~ ~ klietlll~ db. ID e publikut .. ojo ~I< 1huarngo Autoriteti j be.h.nq. banka ti! jep infO!macione do kontrllll~je Eiitllli>htu idcntitctin t!l\d.

3. Duk" pfulorur lol:nikro lriplOgrafike mo

Figura6.4 ~b'Oll pjOS

2 RSAc n

, ~SSL Ctlange , -SSLAlort , J (;1J!!;If S.ooO : IO'rotOcol, .. ,.,' PrOtocol

S:~L.Record Protocol ,

"'"

,

Tep

,- " ,,~, "

Figura ~.J: SSt. PIOlowl SlaOlr.

n

SU PARTICIPAnT

tARO HOLDER

IIERCHANT

PAYMENT·

SATEWAY

fIg... 6.4, Pj~1 SET

6.2 Z/tiidhJa n! )Ii\\"01 ~;'l.mi

No bozo te tcknik.vc ct! kuncienn"".vo W ';gun" dhc mjct

http:kuncienn"".vohttp:tcknik.vc

"

.reruO!!uow", ,;?If ttO~ ~[I!"'I SOl"! "unr'"'!i" ~l i!'.(UlW iiN "DOl IIlI""1" ~ru uor!',

oqp ';)L'l om OhO~"I'~" "' 'If.fu a proll "'!Iff" ;)1 urunl!"OW SGiN -lOr" il" mq.,[llu \'i11UI1!!' "' '""'l' .ru ;)jl)''''O~ ''I''Q ~VW 0¥Z9 s?'=p. $,l1J.Iid HIn!p;llll l!lIIp[HITlUI"1 aJ ~

om ""* ill'l

'[it] ...=.(q!""":>JIIl[ >II ;!IU' iU S>IUO(Ili!d oIJIIl!"'!I"l~l"fl ~ lJ111!lqJl !='"l ~l!J"'d ~N

U0!P""P r=q "ItI"'J • ·"r... ,fU;lll n"'i'!<

,b ;ll1reJ'A ~ U'!~!ld" ;[\1 Jild ","TIJOp,;!d ~l Er", :l1 """"~jiH' ffirnlnU "'0 '"""f'!'O :l1 i!lI0~ .f" ," &nm(Ul\:n OA'['!PII ~ II!I1I"'TI .[OlOl!"O\U:l1 P""tIf Sal 'uu!"'''I'lP PloqPPI"'I='U.

"Offll"'! ,,"U ~P~" u.'I"pn 1!"IW>'l< ll"O>{lIl'!l"1' l.f""b ~'"'!'! ~ '"''1''"''''''' E(ll'rs ~"n l>.mA ofX

UU~!J

Ie giitM Iromuoikimin ~ 9.1,;1 1Fl",waU

Fig 6.4.1; }..lI)S B ...d N'twnrk

11",1 Based In'"..,iull d"ull'D 'p'.m (InOS) Roli dho wr.doojac Host b=nO IDS esht~ p.!w • ndry.IIm. "ga NIDS. Ho.-d ~elWOlk

Di>lnlmted inlru,ioB d""lloD ')""" (»ID8)

"" DIDS 1m nj" truokiru! komrolli qi:ndrore e oil. i:rycn nje rollo .dministralorit os< ",ena>i.hcril dbe W gjilhu ,",t,met IDS Ie mbcturo 'ilion ,i klknt~_ Makinol klionl IDS q\l11~n 4il~ ,.,""o,~ IDS. n J!iillt~ k/lo ~~ru;or~ ms mwtd ~ lbulojoo ndlrhyrj~ n, !!jet .,.., ,rnem dhe d"""'jnl! nJ! '.port mcnaxnerit ktJo •..".1OS. ~to Serumi: 10 j..,! na fotmen e NIDS H1DS, 0'. tl! dyjo. Pm. IlCmund Wthomi ,e DIDS ~,hW oj;; kombinim i dy ,i=-.:NlDS dh. IUDS. Nj~ tlpad

M..OIO,NIDS

FIg 6.4.3; DIDS Based N.t\\",~

FUIlbionet ~ nje si",.rnIIPSjonelc njqta.me .mem;n IDS. Ajomund lC punoje si ojesi. 1'"'........ e njob", si "KctWOtk &sed Intrusion l'n>Ia:lioa System (NIPS) q~ kanol ol1ilsi11e pet til bllokuar 0'. t!! mollojne ndonj! mi~IJlre~e t! r,",",ori

n

http:njqta.me

6.2..1 T.knikal

H.pi i par(! i nj;;: ""tivirusi ~,i1l!! so ka aftc,;nj! ¢rthbulunrviru,in 0'"' ndon)! pros"'m \i't~r W dem,h~m no ,;'1'111 e,. ne ,kedarH. Ii! dh~n.v',

lI\clltification

Pas funk,;enit Ii! dctcktimit hapi Idyte i njo antivi=i !,hl! '" ka aElo.inO per t! idclttifilruar nojin e .IN>it ktqdash~

H~a. Vil"';l ;;:,hte ""pi I fundi, i nj~ antiviru";.

Tcknik.t. FunksionnlllOlil W Anlivirus.v<

Ko shum" tdnilu\ funk>ienal. qe P

- -

• T.knikn c gjenerimil ~ doshif""" mto pare gj.neron!lie makin~ "irlualo na nj! m.kiII~ I~ v(!n.ol~ Kjomakin! virtu,,'" knh>rd,,""n: Ii: ploc! db. apIikBci"""'. njljla oi De makln~ 01J'_' - ---

nom", Pr=riptim -, - -- - - ,

V Vifus,;"c;,c,~I f:;I~.' I - ~~""~- , -m;dJ~ ..,.mh" ,. /~", -- , Cli"",

CIi",' madm. IllOcllln,

,

- --

• , - . , -- - • ,,.. ,- Ptlv~!" " --

..,, ;t ,"' .... 'n' ,I Clia,!

" Private NW'

,-.~,-

C1i~l-l'lg 6.4.4; Sis!om; Digitallmm1lllo

Nj~ 'i=m tli&hilill imuni!Hr cslrt~ nj~ t.krtike qc 'igumn oje mbrol* IrnndBr lot)'!"o llujCYC t~ vitu,.," t~ dlat kant; karaktori,tika t~ p te ,konimj. p< !o koml1nikimit nd!nnjet 'egm."t .... te ndryshme t~ "j.tit "PO zona [43J. Nj~ firewall mund U'! [I

Duke _ p3t3S)"Sh arlritckturen e Iidbjcs s(! nj~ fin:waIll:adi ... pika te ren~,ishmo ~ te diskutuar.

- Piziki,ht firew.11 ~,hl~ c lidhur me oy 0'0 m~ ,~umo '0 Of rrjmve nt1lCnnjet ndl!,I"oq~, ,~ ,aj. n~ mi)nyr~ q! lrafiku Ij.,ht~m cllL. j brCnd5h!m ko!lie pike t~ vetme pOt komLJJJ.ikim. P~",~ j giith~ ttaJlku cluhet W ko.lojo perme. fl"",..nper qirnil

Nj~ frrew.il kontroliM ,to sh,rbimo q~ duan t~ ko.lojru; p

Tipel • Firewall:

""disa Iloj. fire",,]]. AdInirIis~ato,a dw...:to! >..ooosln SO cili tip fi=>-aJli l>h'i! I duhuri per nj~ bmlroll arkittknu.: Ie dbl!n~ [43J. fi=>-aJl ..w.helal < vromo",111 pako, pa'lilj oj! P"ckt filet firewal) vendo. I~ lojoj~ "flO mohoj" pal:ctl!n.

I'";h" c paramet,av< t~ pIlkclilvc Mrmalishl pErmb ..n, burimiolodr.'

Pack.. fin., flrew.1I (In,.,upIMode)

IDO

Unl~."Ufi'"

U...

§ ~ IIII[J Q

Llnklontlflodp~ Fit•• FI,....nSERVER IDI~~> ,I~M"".)

,, ,, , ~ IIII , , ,

,

, , crJ § lOlsYri..l.CK:> Q

,~ P.dot FI~.t flfcW,n Unld.ntIIIed \tn""",pt Mocro} ,

rig 6.6: Packet FlI,,, Fi,..",'all no Tep lnlor'.pt Mode

Appli••tio" 1...01 G.'.way

1'1)0 "application l,v.1 fire",."u" ,ig"fOII m~ "hum~ _him dhe b"LloshmOri so nj~ packet fLiter fII'http:lnlor'.pt

SllItefui In,p"Uo. Flr.,..l1

l'le >fltteful inspecti

KAPITULL17

KONKLUZIO$ TIRE pu~"iTt ARllHSH.'1I.

7.1 KonJduziono

QeUimi i k!tij projekti i>hlo I~ oksploroi~ dobi:,ilo 0 njotit ne th.I1iguri,~ dh. ,gJidhjev< (, ,,~uri,~_ Sign'" "uk muud to quajm~ oj, /irowh pajisje .iglllie '" konfiguflllll1l.keq. Ne fund I< furn:\it i!sht!" nj~ njot nuk mund ,! jell! 100% i ,i~1!. :\Je&iithal< no mund t~ !l""'l1tojmtS ,;guri m! t~ mifl'! ne nio'in tonC. Kia anali/,f 0 pergJith;hmc e rejetil ~$I,,~" !le nuk qcndron_a."lj~h.fI'! no vcn~. Mjc"tct c ,uIm,Ye do vw.hdojoil til avancojn!!, ..,hru.j d~. "Iliiohj. c sipms.!. N~•• ndokush ,]u provoj, t~ q~"d'Je I pl'rdil

Rcfcrenca

[1] Willi"", Stallings '""ctWO,~ S«urit'[ Esson'hu.Applkati""" and Sto.nd:irM·

hnp;/Ipb WmIUO.ir,>TICnl1!! $O!!lfuplood.!J, J:i'rt",,,rk,,,,,,,uri'v=ria!,;--l,h-olj'jrD

"illiam.,I"Uing,-,,,1f

[2] p,,, .iguria e njetit dill! ,I".mij_ rt! rt!nd!si>h",o?

[3J Pse duhtt t~ oigumj m! infOf1llBciontt hllP;/,'mnfotd ,edUlirt/,oc"rj tyljnfonrurtion h' ml

[4] Networ!!. Mdcl;

h@:i/www.lC!!ip"uido.comlf!tti. ThcBcne~ ~QfN

[14] Williom Stalling.' "I'otwork S,curity E"ontial, Applic,rio"" oruI Sta/ldafW~

[lSI L'yl,;., Black "Internet Socunty Protnools. Protecting IP Traffio" ( Lib","),

[16] Jova Tutorial"

hrtp:IIj""J.'''n,comicloor,llmok''!]!ltoriaI1n

[27] Cle""""" L. (2010). Knncepti i siguri,e V~n~'io:

http://wwwbrigh.hub.comicom p"tin~/smb""'ll!jD"/"";0k,/312) 4 ,"'P'

[29JSniffll1S' hru>:!lwww.hock.....ent.. oo ...ijMp".pil""iHSC..Giljd../[ IhieR!_ Hack.:x!Snjffing h'ml

[30] Miohael Gxegg. (]«rrg< Mays. Chri. RiOdf

[31J lJoUmi i nje

[18J WilliomSl.1Ilings ~"K_ork Security Es.ontiabApplic"iou' and

Sl.!nd.rd," raqe 34·42

[40J \V"~liam Su: An Authenli

[49J Olobal Model United Not;on.! "The GloballDfcnnation Sociocy"

http·llwww.lln.or&l,tnun!"reb j)'e!2~ I0/" .'webd~vf,i[dl!lI1un!'""",md

P~1s"

hnp·lImob.~mmcds eb2aco!T)!Ncty.ml:%2QScoqriw pM

[55J K.Sor." "An OPNEr·bolOd ilinulatioto "pproach for doploying VoIP"

hllp;//www.rrgorcl ...... c.netinunFo.tioD12277003J6 An OP rmI_

[56] ~f""'oo Punnoi, Job,r!. S.B.Martins "TARV·OS - An Simulator (or

Perform.no< Even-B.se. An.lys;,. Supponing MPLS, RSVr·TIl, ,end Fa." "eouvory",

http://"IlIiv.or"lfip,'at"> iv/PI' poWI 40 I /] 401.7Q34 ndf

/51] "Crypt?graphy and N"",Q,t Securityn Xi..,g·Yang Li:

hllp;/Iwww C!.i i,-ed"!..."$49!!,,,,IU,.,!CNS.1 ,ode

http://"IlIiv.or"lfip,'athttp:Even-B.sehttp:Perform.nowww.rrgorclhttp:hrtp:Iiwww.lhhttp:Fire\v.li