TAILIEUCHUNG - TCP/IP - Security PerspectiveUpper Layers
Biggest problem is figuring out who a piece of mail is really from Must use a higher level mechanism for trust or privacy Most SMTP clients use sendmail which has been a constant source of security problems for years | TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik Application Layer Protocols Messaging Protocols SMTP, POP, MIME, IMAP, IM Telephony , SIP (used with VoIP) RPC Based Protocols NIS, NFS, Andrew File Transfer Protocols TFTP, FTP, SMB Remote Login Telnet, rlogin, Ssh, Information Services Finger, whois, LDAP, WWW,NNTP Proprietary Protocols RealAudio, SQL’Net, VNC SMTP Biggest problem is figuring out who a piece of mail is really from Must use a higher level mechanism for trust or privacy Most SMTP clients use sendmail which has been a constant source of security problems for years MIME MIME headers could be hand crafted by hacker to overwrite data MIME fragmentation could subvert virus checkers ability to detevt embedded virus’ Mailing of executable programs POP Pretty insecure Passwords not secure, sent as clear text Exchanges are done as clear text Can be done over SSL/TLS Some UNIX systems POP runs as root until user is authenticated and then switches to that userid, never good to have servers running as root (many sysadmins set up to run servers as nobody) IMAP Authentication is better than in POP but still not great (shared secret) Complex protocol, leaves many possibilities for hackers to try to subvert the protocol Not as popular as POP Used more on intranets than the internet IM Very popular on the Internet but very dangerous on intranets connected to the internet due to employees inadvertently leaking private data onto the public media. Use commercial systems if needed on an intranet, possibly with encryption RPC & Rpcbind Developed by Sun Microsystems Popular way of implementing distributed computing Authentication is weak, some versions used Kerberos based some use DES based shared session keys Rpcbind will advertise all registered services and allow them to be unregistered (by a wiley hacker) Rpcbind calls can be indirectly forwarded making verification of source hard to determine NIS (Network Information Service) Used to distribute .
đang nạp các trang xem trước