Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
REI'UllLIKA E SIIQIPtltlSE
L'MVERSflli:TI "AU:KSA..'lJ~.R MOrslU" OL'RRtS
FAKtII,T£TI I TU(NOLOGJIS! S£ J~n)R.'lACIO!
ARSTRAKT
Knmunikimi "~ in=, dila di!!!' bilk dnk. u pi!:hlrpur me ri"ne I!t=~"d~".
Duke ju ror""'"rYondev< to ~''''' Shqiptemet e tyrc pIl'!~
dwto prolect yoursclffrom ontu:k? Tho aim ofthi< projecl is 10 ....wertbe abo"" q"",lia,", and holp US get an irl...bout the _,turO oflhe rn:twork, ..,wi,), ri,k, .nd also ",
I\IIRE~JOHJE
Para ,;; I!.ii~"'h I jam mir~nJohe. U: gjjtM p
TABF.LA E PF.RMUA.ITJES
KIIpitulli I lIYRJE
1.1 Motivimi , 1.2 Q~llifni , J.3 Metodologjio , Kapilulli 2 RRn:T1 DHE PRm'OKOLLET
2.1 Rlj.u , 2.2 ()p
3.7 Zbulimi; tnUikul " J.S Spoofing "3.9 P~arja 1a>btriml dho vjedhja "HO.3 I'urull\io.it. palc~ur " 3.IO.~ FIZiI.-liddlo "
4.1.3 SulmetDOS "
4.1.3.1DDOS " 4.1.32 Buff.. OYOl'flow "
4.1.4 Yinl'OI dbo programe '" 'i"''' koqdosh~,e " "
Kapitu\Jj S KUr.b£R.'fASAT E SIG1'-RIS£ TEKN1KAT DIlE ~1JLn;T
5.\ Teknil
5.2..1 ColfSi-l>ublik 0;0 shifrimi a.
LISTA E nGURAVF.
Kopirum Z: RRJEn DRE I'ROTOKOLLET
fig 2.1: Modell I ,htr.:Sllv< nc a,ldtekturi.!n OSI ;
Fig 2.2: Arkiloklura c ,immil OSI ,
l'ig23: Arki!elrturn ••
http:D3IOgro.rn
KapilUUJ !: KlNIJER'4ASAT E SIGURIS~~ TEl0iIKAT nilE )fJETET
Figu:a 5.1: Fu.ue punes ne nj.l = Qasjel eshCtbiato>-e Figure 5.2: !>\odrli i shifrimil konv,ncional. FigS,;:30RA Fig.S 4: Shifrin,; me ,.,I('s .,ime1rik fig.5,S: lIute"l;!umi duke p.:!rd",ur ;hifrimin Mlm'lrik Fig.5.6: N
Sb!aut.s,t ...~n1oru""
OS! _Open Sy:
KAPITULLll
flYRJE
LIlII.lin",i
No ~ epof.e 1< lidhje, uni,.",a1o d,ktronik. kur bota!!shtuhmc 111< fa. Dh. sh\l!ll~ bojn!! se ,..u!m peniorucSilo rl'1ld!,i>hem "PO njcr!!zit q! pe"lorin shpejt~l tI! l.rW komunikinti duh.!" meren PRIll'Ysh.
E Yi!""" ~,hl
toir"mbJjUOIl. Faza e anali,~s ItOrlu,m qc ju I~ h'lOni siilh~ nje"" lu:u, ,; ,oftware doe hard""",. nge. brenda c ~I!shl~ Ill! ~-.ndin
\.3 )I.todologjl.
Per to amtur q~lIimin ton!! do n. duhot te hetOjme pmamctrl'li. m~po,htme_
RrjOlK!ran;mete ,i1'llli'" dhe dob"sitc
Sig"ri" nga sulme,
TokniI:at, kuodi'rm'''' ••igurise db. mjotet
1.gjidhj
2.2 0P'" Sy.t,m Tnl.reuan.,jed :'lod.1 (OSI)
No vitin 1997, Organizata Nd!rihtTI:sa osr. l'urLk,iornhtcti i ~d" ,hl"8' .;hl~ ndry.,he nga n,iysloal P!'rvsltol,
Communlco~o" Medium
"
, , , , ,
Fj~ 2.1: Mod.:!i l shtn=vc nil IIlkitekrunln OSI
Kga""" ~.ti!r. nE>e ,hohim orkitekulm.c sistomil OSI. tre.nivdet e .b>mlcionitj3n! L! njohurni! 1Il~1I)TI' tI' qan!; 4'kil
OSI Reference Madel
OSI~rvkes
051 Prntocol. (
I'I~ 2.2: Arkitekturo • ,,;,Iemit OSI
1l,ht~ pribilcgj qc modell OS! p~,h" "sa .~""e ol1""""dho ...i1. Shl=.C ofron funksionali!hlr=~ e lam! )./+1 nok hlo prcl;ur 0'"' rnIlDd Ie Iheu>i "" model; ,.reC imbetur nul: do '" ndili>jc..
•
..... layer N
from Layer ~,
FI~ 2.3, Arkitekturo < ,Iroklure, OSI
S~rv!~oto •Lav.rN+I ••••••
Protocol
..,."(A,pp!lcationJ
••••••
"Total w~ Comm"':;
•
Oecompa••
Information Hldl"ll
-cation Function
OS/-Standards
(NW Man_Kern.n!,
Sewrity)
SbtrIom Interfuc, CHId," dh. "phy.ico1 medIUm'''. Kjo ,M..,! kuplon dhc transfDrmM 'ird"'e~ o!clctikelelektronike nil form~n
Sht.... D.'a Link
N
Encap
),{~n)"ta e lidbjcs:
Shlr= cnjShues•• k,lfu1 no mo
Shtresa e pestl! n~ mod.Un 0 ",fcrlmo,• • rrezantimi~ Kjo sltlrl"~ !:>hIe pCrgje~j!,e p~' 1',,",..1irnin c te dMnave ci!rsu.Wm"rrc., DO formen wofike. Kemp".",,; i \0 .then.vo
l.J r.klokollil TCPJ1P
Poke,•• proklkolli' Tcrill' eshtC zhvilluar pI!rpara mOOdil oS! [9]- Modeli Ilcl"ao:acfs OSllromistonni!.Jtlal~ sMr=. ndt'Jsa TCPllPka ,=b!a>ililz= (fi~ 2A) [IOJ. Ne knihasim me modelin • ",r=,~. OSI. pake..TCP ko Divel tl! 1_ tl! ...$.lij.. sl! ,,,,Ii""! Ie komunikimi! m.. burirru:vc nO desDnaoion. TCPIlP ka komunikim admini_tiv dh" W~rpunlmi! tl! ~ dh'Ill,,",' Ie b"u.,hm •. Aja ka dbjctra komJ"leshlesin "j~-
1---···.··----------·--------·..-.... ··.----·------.··.--...•••..-•••..•.": , ,i i Application I ! loverL.__. _.•___ •
, ,! i---i~j.---f_.r---- ---1;--- -----!-..:--;GW-1 i l~~~~~~~~~~~:'-----::::::::::l·:::::::::~-----~~::~~~:~-j
:---------------------------- -------------------- ---;---~ :, :----------~ (....._...----------.., ; .........,., ,~i L._~_j' IL~!~":~~~~.J-L_~.j ! ..,., L-o-c----······· .. ··..,.~t--C"---------··--..; .
...... j)-','v=-'-, ,L __ ..___. ___._.
, ••--••••••••••••••- .-- ------------·-····..·1
1.3.1 Shire,. Link
K,jo shtrese ~sht~ njolrur n
"
""!"""!",,,p ~""l ~>I tuVllIlllp dI :W!\I.Ji(J >!l!!jllIi!d-"-UOJ"uuuJul :(W!qWll~ :iiltlIILp.g •
"d] f"' , 1l;lO>'1"l ow J.np.mq f'" .' '~"PU' ",tw0J~" '[B' ~ ""r""d 'ill""''! l!"'n~l~ '1lI! [li"d ~"dOl 'P"q po"" ~ ru UO.IotI'!lI.1On ftlI'II Iml"P , ~""'" :.nrV ~!"! [\l.Iild
"II11jmIl~"ild ~l dI ~f" l~P""'1 JOtlp.mj ~ ;"'1'" B[U fi.!.!"W iI l,d o!\o,d ~f" q"l{l'" ill~'; ""~J~" 'u)l>!u ~1l'1ill
.. J,p:>"UIUI ",,!lIllIo!U. *!["" .f" '.rnv ~
-191 !!'I'!'I1unwo~ i!l'I"fI'lS ,,~r"H 1'[UlJjd;)1l1'=~ ;If'''illOIA ;ll pun", 01!P ,,'1'= "013J""'"1 ,"wotjl3:" ow l~OJ!P In'!P!l ! m~'~ ttl.,",,,, I!UlH!"mIlO~ ',~ ~qt(1::r "',""" "~P' Ptlnb "I!';l! ""p;mq 'fIS"'''' ;n l!q·S~ ~'OJP" ." "'lll illITIIIJ[ITIIlIDO'{ i1l ~'" am ",ill ~fu lqW UO!..IWO]tI! "rO~l'p .... TImd lod ~!q-1:£ dI ~'OJp1l >SO "'l1!li"j "0J)l" ''IP' nu(Imb ~l'!'~ IIJ!'> • '""""I'V • ,,!,,01"""!IS"P "/P DJW!""I q • 11P!'n 3 =rJll'l .•nJV'd oqp .ruvl(U!1 ~ 3 IOno~","'d ~au"'""" 1!IO!'n 3~"" u\lUl!li'!\!wHIIO'I n wiSl'W m"'IP RDlttplUSllt!.D '" ~~l ! JIU!l"'drnt1I
\OOQIDJ"d uOllnlo"H """'PPV ITn:
JlIV1I oqp dlIV ~MIIO~OIOJd~' '~d ! f.ltu,~S :9't:f!j
S$;;uppe ~aW~tn3 'SlIq'-S~
d. '" "IV SSaJPpe ~aWa~LlI 'S~!q·lE
http:JOtlp.mj
Ne sh_~_ data link. othemel dhe rokd!!sish,'" i shtrcsEs >I! int","""",ashlu.i dbo p('rle gji!l!< komunikimln ;nlemel....mking. Strukturo e prolokollil Ii: ,hlrc,~ s! Internetil ~ datagram, IP dh. vdo dat'wam !P kon,j,M[ nil burintin e ad,..
-
d""linacUmin e adme. IP c ella 1!shtJ! nga n-b;, n~ adr,ol!n fizike [lIJ. Duh ."Mid«u"r skeDlirin • shtn:sts SlIr.ll1Iw'; .jom
,
"VersiOll" njoftoD ",,,iom,,, !RniID'!m til IP q~ ckzi:lton oil d:ttn_rnIP; 0'. !.hl~ ~OD 4 0.. 6 ..... ypc of .....ioe" ~on ,herbirn. Ii! ""WIlla"; voneso"!. xhirojl dhc 19,tojae1j. ""Time 10 Ii'c~ fshtl! nj~ njeb....im tn" u....!rim mbrnpshqt grruIn;tIishl:", meodj .. '" tijl,.j.
Lc 1~ marrim oj< ,hembul! [13J. Shqyrtoni trafikon IP me aplil=ionin TCl'·dUlllp q~j.p te infonnacionin e n.voJ
2.3.2.2 P,.lnkoUi ICMI'
Di,a prej dho protokollev. "~ POPUIlDfe n~ ,htr=;en 0 rrj"'it n~ pokOI('n TCPIlP jan~ lnlnageme:nt Protocoi (JG),1f'). IQto prottlb>U. punojol! sa,o"'k' , me protob>lJin IP ohUagr3111 ~ q! db~ edoo replay. Pe dcstinacioni )"!\
--,,, eM, DnnIpll.~ -QIl"J· ~
•• • , Dostiru>tiOll unre.ctI.blc: t N.m~rk ""r=~Mble• I'1, H"'t~ •
1 , Protocol ~h~ • , PorI "nl'l'",clulble • , &1iT
Ll.l.3 ProtokolJi IGMP
Intemd Group ),fanogernont Protocol (IGMP) n&ian III< int
Actiye RoUl
Nivelli P,.Wkolleve Ii! Slj:urJ.~
2.3.2.4 P",lokolli II'S..
IPSec lshlil Die shtres.l! prolokolli tl! interno:til c db .fron siguri no! shtrelaJ. ~ inl
~ Architecture
~
Authentication
Protocol
Encryption
AlgorJthm
'0)
AuthenticatIon
Algorithm
'" I ManagemQnt Fig 1.14: AM'
N! m
eekn-eAH IIolSP
Ott.IP heade, TCP/I? hwder Data (ll> Payload)
Allin TUn,port Mod.
0..1!0 IP h••de, TCP/iP heade' D''''IIP Pav!odj
(Payload)
AHlnTunn
App1katlol1
TCPIUDP
Dal.
m D313 .~
'Tep,Or;:., PIli";,. , I , 'hdr.,,', , ,-">- ,
oril: ~, .
TIT 'D.t. '" " M, ,~ Mi i W,• , . , " ESP 3ulb
rnaspoo1mod.
,\ppU""dOI1
TCPIUDP
,
" "'"' "
Dill
" D.t. , m", .
, 0., "TcI'~ ~1).10" ,
,
0", '·iI.l.TIT ~ . . JPlIdrl.. Mr-,' , ••.• . ,
' hdr)f,1P bdr ... -- , ' ~, m ,.. aulb
,· " 'u","ESP ~D314',~ ESP . ESPN•• • 0",. :~Z: 'l•••!
Shiro... e 'rampo,lit WItt! ,ht"", 0 trctC nil ~!en 0 protokolleve TCP/lP 0 cil. konsi.lonkrye
moddo t~ ndry.hme arkitekturore ">< heade,. Kornklenstika kry'loro c protokollit l~ 'htresc rep c.ht~ protokoll i bcsuosMm. N~d~ men" njolijo ""'~ e eobimil Irr_d~ dcrgon p&sGri pakoume m~ pak gabim. drojt poo,"e,it M! [lO,hlf ":ill!" figura q! trogon disa korokto""ika ,hum~ t! pmtolollit TCP (fig 2.17) r61.
,o 15 16 - " SourcePon DestinationPon
S"'JUcnce Number -
Acknowledl'tem~t Number
H. lm
R~. U R G
A C K
P S II
R S T
S Y N
F l N
Window
Checksum ,Urgent Pointer
Opti= Padding
Fig 2.17: TCP Header
Poria BurlOl dhc De
Kumri ,.kUCI1cor dhe konfirmim:
Zbulimi g.blmil o.hle b~,~ "S" oumri sekuen
1) URO Bil: Ky flarnur ""~on k~kosl!" urgjenle te dhl!nave: ai eokton prloritet me lC larto n~ p.ketnl urgjonte.
2) ACK Hil: Ky flamm "(l m!'parsh~m 0..
50 Da/agJomo pEnnban ndoDie vkfetl! v""","" n\lll!Cr Djohje.
3) PSH Ilil: Ky flarnu, ...gun. bit shtytje. Ate punojlll! Irun~r bitil tJ"RG• .
4) RST Bit: bit RST ""~on k~rk,,~" e risi,lhl~ m~ 0 ri!ndi!';,l\mo '" besu
0 " II Soum:Pon Destination Port Mcss~ge Length Checksumf'
Data (ifany)
Fig 2.18: UDP Hoaclor
l'ii..U I ProlOkoliove Il Sigurue
K10 din pmtokolle to dial cfrojn< ,iguri n~ s~.tnIl1spMi~ l'rotokollet jam::
Secure Socket I.ay..- (SSL)
T"IIl'p"n Layer Scour;ty (lLS)
• S=Sbell (SSH)
n gjlth. p
Client
Secure SSH Tunnel SSM enllty SSH entity
TCP entity Unsecure TCP connection TCP entity
Fi~ 2.19: Udhj. TCl' n!pi!nnJe\ IUndit SSH
N~ ",!,,)r.,e Il.!;iashme SSL dh. TLS ofroj~ 'isurl n~ OplikaClOnc:t weI> n~ nive] te i""'>purut (fl 220) [14J
. . .
. '" HTIP FrP SMTP
..
SSLorTLS •
TCP
IP Fl~ 2.10..Nlveh I lrlIIl:.portlt n~ Web S""onty
2.3.4 AppU
protokollin UDP l< nJohur ,I ~pl.ikaciQn -Me",~o~ dbe n~ lidhjo me klto aplikuciono n! sh1r
2.3.4.2 PmlokulU PIP
Prutokolll cili pWloret pol' 12 tnucleruar ,""dod! nga burimi ne de,tinaoiun quhet Fil.
Transf.,. Protoeo[ (FTP). FTPUOIlskrnnsJreJ;r'lnemOny!!!rl!sillUJleoRabtnimilll!
dcsti""don peunes local area ucmwk OS< ....ide rea nelworlic P!rpan>.., to .'!n tidhjc t~ ,igurti1 !Didis ",..etil dho klientit n< aulhontikimin c pordo"",h.
Njo ~'l,r tipO! i flP protokollil eiilite 50. si hijen tidhje t!! dyfi'hta rep mes s,""orit dh.
kliollt'" l'(i~ lidhje ~,hto por autoJ,tikitnin c p.!rdorue'it dho e dyto! p.!r ""nsmetimin. to
dh,nave •
• •
Nivdi i 1'''''okel1...< '0 SJRu,is~
aient
,-------------------,
,-,,
~. Use'lotenace
Server
~--------------------CcnltolUse. Protocol I :I Serv., protocol
Interpreter ,, inte'l'tel2t , ccnnection ,
·U"" data
Inosf•• functlon
,,,,, , ~., , Serwrdat; m.fll. , , , ,, , CCMection , uan./erfunction ....1.10~'JStem , , c__________________""'•, .-------------------~
Fig 2.2J: P,o!7",i i I;dhj" fIT
Telne\~ njMjebl' oplikacion i fllm>hl'tnnl! persl"'ktivl'nc lidbj", .. njciit no m.. dy host"""'. Aklmtlisht Teln.! ofron lidhJ. n~ In"" te cdo ho
Telnet Telnet I..ogin Client
-------- .....~..... ....-2~$:..~~ .,, Pseudo- TCPI TePI Pseudo-Terminal " " Torminai drive, -. driver
L ____ Kemel ------ -- ----- ... ------ Kernel -----------------Tep connectIon
Usc.a• ........'oal .
. .
"
KAPITULLI3
K£RCEl\ThlET E STGURISE sit RlU.ETlT DIIE DQBESITE
Sigurla e Rrjnt.tik, IR:gII3f n! figun'!n3.1.
-". '" .'®
o 1\Pll!i lI,,,i1\l9l! 1999l11X1:11llI:!tll2 ?OOl"l>'200!
FJ~.3.1. (A) Numrl ! du1>e,ive t~ gje!"ra (B) Numri i evenj,yo t~ raportuara
Kdlkimi i ketyJe pi kave Ie do1>e,iv< dbe keroOnim,ve 'jell'" ndr}'>himio 0'" modilillmi!l e jeni
Kapja e fjal!kalitnit ",ht! nj~ IeIurikC n~ tI! oil
, jashU! lomp"'UslL P~rshernbull 01:.",,; no nog";I~' te dhonavc t~ dcpanameotoye h«i • paper:shtlt>hmo nga admi"i"r4iOrei pcr pl'rdoruo,il qil i p~rh,in nduqje dcpartamenl tje.a. Ne kl!ll! .... ,.dmjDj
9do i hun) 0 .. hacker q~ mund t~ ~j~ disa ndryshimc dll, pl'rstlnaoion,
Mung""." ,hifrimill~ I! dh~v<
P!rcioruo,; i cili ka to dro)ta pl'r to 1= I~ db""at ka £jim,,",,!" I~ dr")" po, Ie
.hkruor.
Mckoni,m; ; kontrolll til qn,jes q~ le)oo Ie d,ojta t~ paneYOj,hIne pl'r te shknw.
MWliosa e ",jele,'" If mbmjljes.
3.7 Zhlimll T",fllrut!f Rej.1l1
Kur no flasim plr ';gurin~. I! dbi;nav, ••hillim qe ka dy tipe '" nJI)">hIn. t~ dh~nnsh, ,~ pari upi i W dMnave j oil; nciodh", n~ kumpjmer dh.lipi i dyW Iru, I,"nsf"ohct ngo nj~ makin! ~ o,i~ tjet!ro,. ~ ne njoM 0 ~«iorueSY
3.~ N~.rj•• Funk'ionl! tU Rrj,tit
Funksioni Ib=clor i ~dQ njot; ~,ht~ q~ W nd.j~ bwimet dh< infQIDUW. P~c ndodn
brnjoti nul: ka ofrm'" funbionlllil!ite\i< "'" nil funhionalitc1. \C ndlyshme.
Dis.>. ~et ",und Ii! pl!rg.tita> ¢,t! l'n~ p.. per
nul< ooh«! sJ;theporfshir~se. disa ""ziqe mund te k,ne clemente t~ pCrb""hk!!ta n~ [",ha t~ yem [25],
3.10.1 Gabl ...1dhe U,blmol
KUhum! sohinn: lCpaq!lIim
Figure 3.3 Sbl:oltrrirnii infr~. ¢Cshl;a\; t! l~rmelcy"
3.10.4 FI,ik. dh. Infraotruktura
!;"donj!h",~ nalyra tr,son fuqiDll 0 ,ai_ Ai" h~rthl"'et ""llh'ike. sh¢rlhimct I>fn uif. humbja c komWli kirnil jane di... ngo _w,,,,,,"jl, tc dial mund Ie ihkaktoi"~ dome n(l «l gii"'! infra:.truklurl!n r"ike dh.'~ rrjCllt N. nuk mund tc h3rrn)",~ Qenmtn Bot!!ror. U: Trogti'-'! dh. O"n'IIll. Diso 11g0 k~W ,hkat,rrimo "mJtojo" nc m~nyr. 11) popri'"m. P~r "hemboli nit! "ult! ne dimOr, edhc P" IT]ctiju.:l) kompjutcnk !!"hlo! IOre,.;sh! funksional, I\i«hkak I! h~:s.c inf=ruLLurCs..
Fig l.~. TreSO' humbj
3.10.6 Ku,hlet • Aplikim". KeqdR,b!••
Programet. kcqd.:iliCs< j"n~ t. v~,htirll pl'r lu ~buh"". Ala m"nd ~j.n~ 1~ jnstRluar. perw",~i"'t n~ nj~ rook; nf .5O It' nd
KAPITULU4
SULMET E SIGURIS£ sF. RRJETlT
4.1 ""fponw:shm~ri. e 10 ditCn.n quh;:, DdC:rJl",Ij~. Di,pOll.' ,cshm'ri3 munarasle p.'!, ."kol
http:novoJ.hm
• " "OR~AL FLow
~ .~. " .
-~--
• .0. , S,u.i:, »..lI .."n
• , " •
" " ,
. ,
• ,
" , \' :
, " " .... -
, DonIHITZ ••
• , "
rigA.I. Llajet !h
:-;~ b"," W ~,yre kat,r sulm".. no mund t~ kl",irlkoj",~ mil loj ,ol""t • "guri,~, ,i sulme pas;>" dhe ,ul",. aktivo, Sulm
,
~ eo
-{ 'u
'0
o ..
o
...
.. ,
..
.~ ..="-.." ,
o ..
....
..
o
o
,
..
•
..
..
,
..
..
,
..
..
Figure 4_1, ~"Imot Aktive
"
4.1.1 SlIlm.t • Zbulimit
J.-Ib)odbja
Disa ,"1m. them.lote to zbu[;mltJono: PIICkel Sniffers
- Port ""an and ping .....,p
- lnLemel inforIIllll:ion que"""
4.1.1.1 r.deISniff," Si~ k"",i d;"ku!uar mo p"~ q~ t~ dh~n.t 10 oil.t udhW.jn~ noper njct ""kj>ll< n" n;cdMn e v:r7hdue>hmo t~ tt! dh~nav., purjan~ "~ fonn"" 0 pRket ••e. Sj~ • tin c ..wi,.!':; ~ pRk
p~rdorur hubot. r~, Wshmangur passivo ""iftLOg 'humica e nj
Switchc:t JlUl'njn~ n< OOZO t~ adr"llfiVC MAC, AUI ",blljnc nje tahd, w.ldrcss ",olU1ion protocol (ARP) ll~ "iO tip ,ped.1 memOJj< to qu,jtur ConLon! Add,',",abl< Memory (CAM). Tobd. ARP ka ,! 6liiw.., informa1a1 ,. hkon n~ nJ! menyre failo!'"" [29j dhc nuk mund tii k
4.1.l.2 ron So.n dh, PiD~ ~,,",p
Pon ..."" olio ping ,v,c:!emojtlll;; 10 Illalladll. eiMjone plr q~lIim.diagnostikuc••. t'ping ~.bl< nj" m,jct 1 perdorur plr kry.~en "pinS "'...p. Duk. ponuor ne funk,\on Ii! mtn,bullaket ",hill, met"[" nj(! 1i,1i! t~ adresave lP ,"(!rgollllj~ pako ping pOe njc adrefit! lP dlt. menjfu:ro vazhdon n' cirejtim l< adrcs!. lP tl! tir
~!nrnll!' ~I ~w """"!'
~rn IIUmnI .Il;!
'~! "".1'11 "l>II0~l1q ~I ~o[[ IU\!"'I~ in =rt>fdl;!d A!'11gOP • ",!!Iffi~S
. lll"lltlwnl'lw"'l 0 ~"I"~Ol1 ,m 0ll
"''"WN'"'!' "'"",lll.[nu,.a"rr """,'I'!' II(Id Ol,~ ,U 1II!1n~""I'"" fIUl'f OU'!qJe
n ndjej~ si~uriru! • fj.l~blunit P,~,word crocking mund te j>hJurct p!' til rekup
-Trost Exploitations
4.1.2.3 1'011 R.dlrldJ,lrin
Port22
Port Redirection
Flg~", 4.7 Port Redirectioll Amok
4.1.3 Sulmd DOS
LlQj
.
,
undosornje fillfr i eili 'Jnu."rton md.Hn < lC dhCJIao.-.; n.!
4.1.3.2 lIull" Overflow
.:'-Ie rnund Ie p qo bHllon"~ ,i
KAPlTULLIS
Kwmf~RMASAT E SIGURISE TEKNIKAT DUE MJETET
5.1 TekniJIJIi • Kund~'m.'.vo ti! SiK"'''''
Tdmikat p"C 1~ njetit TCPIIP dhe toli I punt's '" I}TC). perfOtTn.m:a Iwd""like n! nj.~ kCn:enimet e siprise dhe pika l~dobet!1Il! ITjet. Nii:'.gWwri c = "PO < .jetOr I"llIIt\d II: bc""hct nj~ .hkok per dobCsi n~ njet. I)uk. lwnslderuar analid!n c m~pI!rmo. ,humo o~ta k~tkim"'" kan< ""ktuar di.. ",tn;,," IhdbCsote ky~. If kLm
• . . ..
... . • C , Opl(mJz~ . .>, . C. Plnn. . . · , .-"
, . (
.
, OrwratJon Dc.I~D
, . , . •· ' .
... . ,. , linplem.cnl
•. . ... ;>
,
.. .
F;~"," 5.1: Fazat "pun!' ~~ nj
••
5.1.1 P.Utikat e Si~rl,U
Nj~ pOliliki: clOne.
~,I..J Dotektimi i Aklh·il.I.... ti Rrerik>hmo
l'",nia e ,",Iomil ;ntriI,lon d'iootion ka nj~ TOI t~ r!lldO,i.mom ll~ kunMrrnason. oiKLirls~, Studimi dhe "",lizimi i ,kodor!ve te logimit kund!!r olI!. ti! mbrnjturtc db!"", n!l" kOpj.. Duhct tejemi t! .iBu~f q~ te_IonaJronfodoncWc Q! DlOS kuptohennga perdoro'" tejashttlIL Kriptogrofia f,htl! ,tu
laipl-.:tCm eslua 1 ndare midi. d!'tgIJOjn~ vo
S.2.Z Shif..",o, K~,,""nciou!, ...0SI mo'dl••
Aio ishln • ""'mi. >kcm~ ,hifrirni nil di'poLi
~...c Ir c.....TI ..., C'''''IU''E~
" ~....,.,,,.,, , , ,
Fi&"ro 5.1: Modeli i ,hifrimi. kOllvcncionai
~"jI: gje eundesishm. e.bte so ,;guriae .hifiimil kon'"""iomIi Yare"{ nil" ~\e.i sdKtjo nga olgoriuni. f.dbo I\UO dijrne lelslin
No mwKI.~ krijoj~ "j~ ~.j", m
l'" Plain Ton
P~DK/[1'Jl.2{DKJ[C}]]
IDEA, Blowfish dh< RC5 jani: disa.sh'mbuj I!! disa'hifra,'e t~ kod= ,i",.trike.
Si~ e komi cii;ku!WIr mi hcITt ,e r~' komLLwkim te .igurt o! mo. t~ dy pal~v. dull,! I. k
;.;;;.., A dh. B kano pCnIorur m! p"rdorur nO shifrim« kon'l'Dci"",t~, ,,';metria pCnlo, dy .,.1""" "'"""ont!!. P"'e Key: Trarufonnim; nS" algoritrni ,hifrim;l >'RIt:! toblisht 0&0 low ~clcsa nto ~1"'\ j:m1 7.gje4ho, nc metyrl! \~ tille q" nc qoM5O djkush ,,:ilitc pl!rdomr pl:r shifrim, ~etri !!;hW perdorur r!' d"hifrlm.
4. Ciphor Text: Ky ~sht~ dalja e "'e,,,mit I~ fh~uar.
5. Decryption AlIlOrithm: R hmdarta e Itlgorilmit til shlfrimit.
S,:l.3.1 Puiml
(,01"",) publiko dhe privatei_ pOtdomr ne ,hifrimin mO ~cl~' publi!:. .
pl!n1OIttn~ nja rn~tjeti!r (Figura 5.5). Sbphnejemj m! III intcresuar"~ inl:grith1rim
Ii PRb ID:uwy':" pri>1lte
K"
1\4 -....
,
Fig.S.5: AUientik imi dole p
Dull.. t!j nj~ pale cll'Ole c ciIaqubet Certificw Authorily (eA). Ky amoritet~sl"" be>u,.."g' komunileli i Jl!~'" owrnl toi.l~ ¢o organi'.at/! qeveri,",o~o lCshOJl. nj~ oertifikate e ola perbChot ni:" ~cl~si publik, 11). pcrdoru"it t! zot~ru"i( '" ~elo,;t clho n~ fund i RiitM blloku n!nshkruhelng. AK. X, 509 e,hlo Dje ,kom~ ,lIIndarde q~ perdO,,",IILO shmnicCn c aplikaolnnc;'. 1
KAPlTULLI6
ZGJIDRJ.ET E STGURISE
Nc Ut~ soktor do t! diskutojt!ll! mj"'" tl' ndryshm••igurie dhc aplikacione tC eila!j~ ¢r'lorur .£ie~ishl tdh, n! diU'11ooa
6.1 Aplikim,t D! nivol .~Jdbj.
Zsjidnjel "SlIl'1ris~ o~ .hol t~ aplikimit U' ndRIf m~ I6.1.1.2x.s09
Ky ~sht.'! nj~ ~
~rdoruo:>i~ Ii! nln,hkruarng' p');;"i pri\"3t i alij grupi Ii! bosunrdho ky grup quhd Certificate Authority(CA).
6.1.2 NiHli Email
Mo e po"!niorura ilCfCsishI dh¢ nil ttll}! !sIlli! """'" ckklnlni l .. No do to dihq1Ll\ilur p~rpjekj. 0nj~ burrl Ie velful Philip R. Zlmm= i cili ,isuro; be""",hmen•• db. shl!rbime autentikimi pI' e-mail. dhc doljet OfIlik:uese Ie ruajtur:l. N~ di,~utuam shwna ~ kodimio konvero:ilutl i cili I'shl~ i sIlpcjlll, i baruar n~ nj! .KicdlUe Ii! "e!mc: diu: pI!~p!r Ie d)'jakodimin dhe drkcdimin. Sokteti i kt".JOCi; kodIIni ky .. dh. tcksti kodu
2- B=eshmw : pop ,iguron konfidem,j,ditctin _ koduar me,=Jrinmi gjellero" njo lIlo...h me 12S bit seon .. ky,o • oila ~Shl(' r""t~,I,ht • prudhuar velhttp:Watl!.ithttp:marr!.in
duke kudoar. n dlia POP dhc SIMl\fEj_ n! ,t""d:lltot IEf 11 por Sf.l.IlMI! ,he"')ot Ill! oje """""'" industrioL
6.1.3 Xinli IF
Duko aplikuar ,;gurine n~ nh..lin olP murn! II! .i8uroj~ ~j, komunikim te 'igwt! per 'pikU"'"t qe kan~ mek.ullizma tl ,igurlo, gjithashtll p~r 'plikimct me sigun 10 dabot.
6.l.J.llntornc1 Prot•••JSt
S- Alwfuni aulentik1mit: ",bulon pjcsCn 50 si struktut:!. • v~netimil diu: a1g",,"";' f'o'!rdorel pe.- AHdbc pe. ESP.
6·F",boo c intCIpr,tilllit (DOl): VI""'1 Ie cil.t j me II! tI:'rtuara pI!. dokunJ ""..t. ~o:a p~r tu lidhur me njl!m ~o_jonll t~ mbulU.!ll'a "S" DO).
7· !ikojm" ledlia • mbrojtjen All dbe ESP nil nje nivcl trafilrna1!!he~ dtJ t! n.o duhmdy Shoq,ri Sigutimi. MOnJ'TI' C Ir.msportit dl,. tunoli ; tt_pOrtiljome cly lIojot. ,hoqOri'o ,0 ,,;gurinlit tl oil.t ,igurojM Ilojo l< noJ}"hmc mbrojljesh p1r til dl,.",!. N!
lOnneo C transponill"b",jtj~sigurnn ponokolli:"cnj~ "i.,] «! ~.i~ f>b..: TCP, urn """ [Clot' kwse r>kOla c with! If'!. h!~ • mbmjUl' Dg!llransl"'n; lund ( e ¢ ..hkruarru! "b,len e mur i IPS !,In~ III ofrojc Slgurin~ o t~ gjith, oplikimc"" ~ ,hpernd",. 5i~ !,ht~ lnm>fcnmi i ~ do!"""", hyJja e dob"~ b)~. nC iIltemetdho
(SSL)'T"'.'port La)'., Soourily (TIS) dhe So, "'0 Etootronic T """,action (SEn t~ cit.. Jon. pcrdomr ~ sigurinI! web.
T.b.t. VU Transport Mode SA I TuI1net Modo SA
6.1.4.1 SSUILS
Qnsjc Ie ndrphmej3tll! p!rdorurpjt dho no Olund lli mlr"jm~ (r"Jikun. },"j1 tjet~r 7.gjidhjo e,blij (I~ I" ufrlljc ,iguri vet~n1 ",hi TCP (shih fi~urCn 6,2), S~T. e,hl~ ,~~ Ilg" mcioollznlO' m~ t~ p~rdo"'hm< 0 eila perdor mckoniuTlo lli
2. E njijta tdmikl! p!n>lri'ItI' per:o:n= l:ootrol!on ~.nir~ ~ klietlll~ db. ID e publikut .. ojo ~I< 1huarngo Autoriteti j be.h.nq. banka ti! jep infO!macione do kontrllll~je Eiitllli>htu idcntitctin t!l\d.
3. Duk" pfulorur lol:nikro lriplOgrafike mo
Figura6.4 ~b'Oll pjOS
2 RSAc n
, ~SSL Ctlange , -SSLAlort , J (;1J!!;If S.ooO : IO'rotOcol, .. ,.,' PrOtocol
S:~L.Record Protocol ,
"'"
,
Tep
,- " ,,~, "
Figura ~.J: SSt. PIOlowl SlaOlr.
n
SU PARTICIPAnT
tARO HOLDER
IIERCHANT
PAYMENT·
SATEWAY
fIg... 6.4, Pj~1 SET
6.2 Z/tiidhJa n! )Ii\\"01 ~;'l.mi
No bozo te tcknik.vc ct! kuncienn"".vo W ';gun" dhc mjct
http:kuncienn"".vohttp:tcknik.vc
"
.reruO!!uow", ,;?If ttO~ ~[I!"'I SOl"! "unr'"'!i" ~l i!'.(UlW iiN "DOl IIlI""1" ~ru uor!',
oqp ';)L'l om OhO~"I'~" "' 'If.fu a proll "'!Iff" ;)1 urunl!"OW SGiN -lOr" il" mq.,[llu \'i11UI1!!' "' '""'l' .ru ;)jl)''''O~ ''I''Q ~VW 0¥Z9 s?'=p. $,l1J.Iid HIn!p;llll l!lIIp[HITlUI"1 aJ ~
om ""* ill'l
'[it] ...=.(q!""":>JIIl[ >II ;!IU' iU S>IUO(Ili!d oIJIIl!"'!I"l~l"fl ~ lJ111!lqJl !='"l ~l!J"'d ~N
U0!P""P r=q "ItI"'J • ·"r... ,fU;lll n"'i'!<
,b ;ll1reJ'A ~ U'!~!ld" ;[\1 Jild ","TIJOp,;!d ~l Er", :l1 """"~jiH' ffirnlnU "'0 '"""f'!'O :l1 i!lI0~ .f" ," &nm(Ul\:n OA'['!PII ~ II!I1I"'TI .[OlOl!"O\U:l1 P""tIf Sal 'uu!"'''I'lP PloqPPI"'I='U.
"Offll"'! ,,"U ~P~" u.'I"pn 1!"IW>'l< ll"O>{lIl'!l"1' l.f""b ~'"'!'! ~ '"''1''"''''''' E(ll'rs ~"n l>.mA ofX
UU~!J
Ie giitM Iromuoikimin ~ 9.1,;1 1Fl",waU
Fig 6.4.1; }..lI)S B ...d N'twnrk
11",1 Based In'"..,iull d"ull'D 'p'.m (InOS) Roli dho wr.doojac Host b=nO IDS esht~ p.!w • ndry.IIm. "ga NIDS. Ho.-d ~elWOlk
Di>lnlmted inlru,ioB d""lloD ')""" (»ID8)
"" DIDS 1m nj" truokiru! komrolli qi:ndrore e oil. i:rycn nje rollo .dministralorit os< ",ena>i.hcril dbe W gjilhu ,",t,met IDS Ie mbcturo 'ilion ,i klknt~_ Makinol klionl IDS q\l11~n 4il~ ,.,""o,~ IDS. n J!iillt~ k/lo ~~ru;or~ ms mwtd ~ lbulojoo ndlrhyrj~ n, !!jet .,.., ,rnem dhe d"""'jnl! nJ! '.port mcnaxnerit ktJo •..".1OS. ~to Serumi: 10 j..,! na fotmen e NIDS H1DS, 0'. tl! dyjo. Pm. IlCmund Wthomi ,e DIDS ~,hW oj;; kombinim i dy ,i=-.:NlDS dh. IUDS. Nj~ tlpad
M..OIO,NIDS
FIg 6.4.3; DIDS Based N.t\\",~
FUIlbionet ~ nje si",.rnIIPSjonelc njqta.me .mem;n IDS. Ajomund lC punoje si ojesi. 1'"'........ e njob", si "KctWOtk &sed Intrusion l'n>Ia:lioa System (NIPS) q~ kanol ol1ilsi11e pet til bllokuar 0'. t!! mollojne ndonj! mi~IJlre~e t! r,",",ori
n
http:njqta.me
6.2..1 T.knikal
H.pi i par(! i nj;;: ""tivirusi ~,i1l!! so ka aftc,;nj! ¢rthbulunrviru,in 0'"' ndon)! pros"'m \i't~r W dem,h~m no ,;'1'111 e,. ne ,kedarH. Ii! dh~n.v',
lI\clltification
Pas funk,;enit Ii! dctcktimit hapi Idyte i njo antivi=i !,hl! '" ka aElo.inO per t! idclttifilruar nojin e .IN>it ktqdash~
H~a. Vil"';l ;;:,hte ""pi I fundi, i nj~ antiviru";.
Tcknik.t. FunksionnlllOlil W Anlivirus.v<
Ko shum" tdnilu\ funk>ienal. qe P
- -
• T.knikn c gjenerimil ~ doshif""" mto pare gj.neron!lie makin~ "irlualo na nj! m.kiII~ I~ v(!n.ol~ Kjomakin! virtu,,'" knh>rd,,""n: Ii: ploc! db. apIikBci"""'. njljla oi De makln~ 01J'_' - ---
nom", Pr=riptim -, - -- - - ,
V Vifus,;"c;,c,~I f:;I~.' I - ~~""~- , -m;dJ~ ..,.mh" ,. /~", -- , Cli"",
CIi",' madm. IllOcllln,
,
- --
• , - . , -- - • ,,.. ,- Ptlv~!" " --
..,, ;t ,"' .... 'n' ,I Clia,!
" Private NW'
,-.~,-
C1i~l-l'lg 6.4.4; Sis!om; Digitallmm1lllo
Nj~ 'i=m tli&hilill imuni!Hr cslrt~ nj~ t.krtike qc 'igumn oje mbrol* IrnndBr lot)'!"o llujCYC t~ vitu,.," t~ dlat kant; karaktori,tika t~ p te ,konimj. p< !o koml1nikimit nd!nnjet 'egm."t .... te ndryshme t~ "j.tit "PO zona [43J. Nj~ firewall mund U'! [I
Duke _ p3t3S)"Sh arlritckturen e Iidbjcs s(! nj~ fin:waIll:adi ... pika te ren~,ishmo ~ te diskutuar.
- Piziki,ht firew.11 ~,hl~ c lidhur me oy 0'0 m~ ,~umo '0 Of rrjmve nt1lCnnjet ndl!,I"oq~, ,~ ,aj. n~ mi)nyr~ q! lrafiku Ij.,ht~m cllL. j brCnd5h!m ko!lie pike t~ vetme pOt komLJJJ.ikim. P~",~ j giith~ ttaJlku cluhet W ko.lojo perme. fl"",..nper qirnil
Nj~ frrew.il kontroliM ,to sh,rbimo q~ duan t~ ko.lojru; p
Tipel • Firewall:
""disa Iloj. fire",,]]. AdInirIis~ato,a dw...:to! >..ooosln SO cili tip fi=>-aJli l>h'i! I duhuri per nj~ bmlroll arkittknu.: Ie dbl!n~ [43J. fi=>-aJl ..w.helal < vromo",111 pako, pa'lilj oj! P"ckt filet firewal) vendo. I~ lojoj~ "flO mohoj" pal:ctl!n.
I'";h" c paramet,av< t~ pIlkclilvc Mrmalishl pErmb ..n, burimiolodr.'
Pack.. fin., flrew.1I (In,.,upIMode)
IDO
Unl~."Ufi'"
U...
§ ~ IIII[J Q
Llnklontlflodp~ Fit•• FI,....nSERVER IDI~~> ,I~M"".)
,, ,, , ~ IIII , , ,
,
, , crJ § lOlsYri..l.CK:> Q
,~ P.dot FI~.t flfcW,n Unld.ntIIIed \tn""",pt Mocro} ,
rig 6.6: Packet FlI,,, Fi,..",'all no Tep lnlor'.pt Mode
Appli••tio" 1...01 G.'.way
1'1)0 "application l,v.1 fire",."u" ,ig"fOII m~ "hum~ _him dhe b"LloshmOri so nj~ packet fLiter fII'http:lnlor'.pt
SllItefui In,p"Uo. Flr.,..l1
l'le >fltteful inspecti
KAPITULL17
KONKLUZIO$ TIRE pu~"iTt ARllHSH.'1I.
7.1 KonJduziono
QeUimi i k!tij projekti i>hlo I~ oksploroi~ dobi:,ilo 0 njotit ne th.I1iguri,~ dh. ,gJidhjev< (, ,,~uri,~_ Sign'" "uk muud to quajm~ oj, /irowh pajisje .iglllie '" konfiguflllll1l.keq. Ne fund I< furn:\it i!sht!" nj~ njot nuk mund ,! jell! 100% i ,i~1!. :\Je&iithal< no mund t~ !l""'l1tojmtS ,;guri m! t~ mifl'! ne nio'in tonC. Kia anali/,f 0 pergJith;hmc e rejetil ~$I,,~" !le nuk qcndron_a."lj~h.fI'! no vcn~. Mjc"tct c ,uIm,Ye do vw.hdojoil til avancojn!!, ..,hru.j d~. "Iliiohj. c sipms.!. N~•• ndokush ,]u provoj, t~ q~"d'Je I pl'rdil
Rcfcrenca
[1] Willi"", Stallings '""ctWO,~ S«urit'[ Esson'hu.Applkati""" and Sto.nd:irM·
hnp;/Ipb WmIUO.ir,>TICnl1!! $O!!lfuplood.!J, J:i'rt",,,rk,,,,,,,uri'v=ria!,;--l,h-olj'jrD
"illiam.,I"Uing,-,,,1f
[2] p,,, .iguria e njetit dill! ,I".mij_ rt! rt!nd!si>h",o?
[3J Pse duhtt t~ oigumj m! infOf1llBciontt hllP;/,'mnfotd ,edUlirt/,oc"rj tyljnfonrurtion h' ml
[4] Networ!!. Mdcl;
h@:i/www.lC!!ip"uido.comlf!tti. ThcBcne~ ~QfN
[14] Williom Stalling.' "I'otwork S,curity E"ontial, Applic,rio"" oruI Sta/ldafW~
[lSI L'yl,;., Black "Internet Socunty Protnools. Protecting IP Traffio" ( Lib","),
[16] Jova Tutorial"
hrtp:IIj""J.'''n,comicloor,llmok''!]!ltoriaI1n
[27] Cle""""" L. (2010). Knncepti i siguri,e V~n~'io:
http://wwwbrigh.hub.comicom p"tin~/smb""'ll!jD"/"";0k,/312) 4 ,"'P'
[29JSniffll1S' hru>:!lwww.hock.....ent.. oo ...ijMp".pil""iHSC..Giljd../[ IhieR!_ Hack.:x!Snjffing h'ml
[30] Miohael Gxegg. (]«rrg< Mays. Chri. RiOdf
[31J lJoUmi i nje
[18J WilliomSl.1Ilings ~"K_ork Security Es.ontiabApplic"iou' and
Sl.!nd.rd," raqe 34·42
[40J \V"~liam Su: An Authenli
[49J Olobal Model United Not;on.! "The GloballDfcnnation Sociocy"
http·llwww.lln.or&l,tnun!"reb j)'e!2~ I0/" .'webd~vf,i[dl!lI1un!'""",md
P~1s"
hnp·lImob.~mmcds eb2aco!T)!Ncty.ml:%2QScoqriw pM
[55J K.Sor." "An OPNEr·bolOd ilinulatioto "pproach for doploying VoIP"
hllp;//www.rrgorcl ...... c.netinunFo.tioD12277003J6 An OP rmI_
[56] ~f""'oo Punnoi, Job,r!. S.B.Martins "TARV·OS - An Simulator (or
Perform.no< Even-B.se. An.lys;,. Supponing MPLS, RSVr·TIl, ,end Fa." "eouvory",
http://"IlIiv.or"lfip,'at"> iv/PI' poWI 40 I /] 401.7Q34 ndf
/51] "Crypt?graphy and N"",Q,t Securityn Xi..,g·Yang Li:
hllp;/Iwww C!.i i,-ed"!..."$49!!,,,,IU,.,!CNS.1 ,ode
http://"IlIiv.or"lfip,'athttp:Even-B.sehttp:Perform.nowww.rrgorclhttp:hrtp:Iiwww.lhhttp:Fire\v.li