SystemsSec 2018W Lecture 5

From Soma-notes
==Audio==
[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec05-22Jan2018.m4a Lecture 5 Audio]
==Notes==
- Basic structure of the internet
* client => net => server
* basic client-server model
* processes on the client and on the server talk to each other over the network
* a network firewall sits between the net and the server's network; it filters traffic (mainly incoming) for every host behind it
* a host firewall runs on the server itself and filters traffic to and from that one host
* each network-facing process listens on a port number; the (IP address, port) pair identifies the endpoint
* the IP address identifies the host
- Source IP addresses are easy to spoof (trivially so for connectionless protocols such as UDP), so access control based on the client's IP address alone is weak
- Initially, servers would talk to any client that connected; very risky
- Finger daemon (fingerd, TCP port 79) listens for finger requests
* a service that returns personal information about any user on the host (eg. full name, office, phone number, login times)
* eg: finger soma@homeostasis.scs.carleton.ca
* also outputs the contents of the user's ".plan" file
* this is exactly the information an attacker wants for reconnaissance and social engineering, and the server hands it to anyone who asks
- chargen = character generator (port 19), another legacy inetd service: it streams an endless sequence of characters to whoever connects; over UDP it will answer a spoofed source address, which makes it usable for traffic amplification
- localhost:631 = URL for CUPS
* web-based printer management console for Unix systems (cupsd)
* its config file (cupsd.conf) has basic access control: Listen directives choose which address to bind, and Allow from / Deny from rules restrict by IP address
* by default it listens only on localhost, which is fine for a single host; opening it to the network means relying on IP-based allow/deny rules, which are weak given how easily source addresses are spoofed
- security issues?
* every service has its own config file and its own access-control syntax, which also differs across OSes; tedious to set up and easy to get wrong
* ideally, we want a uniform way of expressing and combining policy for all network services
- TCP wrappers "libwrap"
* one policy for many services: /etc/hosts.allow and /etc/hosts.deny map (daemon, client) pairs to allow or deny, and any daemon linked against libwrap (or started through tcpd from inetd) consults them before serving a connection
* came before host-based firewall support was widespread; it still decides on the client's IP address or hostname, so it inherits the spoofing weakness above
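An added example, not from the lecture or these notes: a POSIX shell script that emulates how libwrap evaluates /etc/hosts.allow and /etc/hosts.deny (first match in hosts.allow grants, then first match in hosts.deny refuses, otherwise the connection is allowed). The policy text, daemon names and client addresses are constructed for illustration; the script handles ALL, exact addresses, dotted prefixes, network/netmask pairs and EXCEPT lists, which is a subset of the real hosts_access(5) syntax (no hostnames, no wildcards such as LOCAL or KNOWN).

```shell
#!/bin/sh
# Emulation of libwrap's hosts_access() decision: first match in hosts.allow
# grants, then first match in hosts.deny refuses, otherwise the client is let in.
# The policy below is constructed for this example; it is not a real system's config.
HOSTS_ALLOW='
# daemon_list : client_list
sshd    : 134.117.
fingerd : 127.0.0.1
in.ftpd : 10.0.0.0/255.255.0.0 EXCEPT 10.0.5.
'
HOSTS_DENY='
ALL : ALL
'

# ip_to_int A.B.C.D -> unsigned 32-bit integer, for netmask comparisons.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# token_matches PATTERN VALUE: one list entry against a daemon name or client
# address. Supports ALL, exact match, a dotted prefix such as "134.117.", and
# net/mask such as "10.0.0.0/255.255.0.0" (values are assumed to be dotted IPs).
token_matches() {
    pat=$1; val=$2
    case $pat in
        ALL) return 0 ;;
        */*) net=${pat%/*}; mask=${pat#*/}
             [ $(( $(ip_to_int "$val") & $(ip_to_int "$mask") )) -eq \
               $(( $(ip_to_int "$net") & $(ip_to_int "$mask") )) ] ;;
        *.)  case $val in "$pat"*) return 0 ;; *) return 1 ;; esac ;;
        *)   [ "$pat" = "$val" ] ;;
    esac
}

# list_matches "LIST" VALUE: a space-separated list, optionally "a b EXCEPT c d".
list_matches() {
    case $1 in
        *" EXCEPT "*)
            list_matches "${1%% EXCEPT *}" "$2" && ! list_matches "${1#* EXCEPT }" "$2"
            return ;;
    esac
    for tok in $1; do
        token_matches "$tok" "$2" && return 0
    done
    return 1
}

# rules_match "POLICY" DAEMON CLIENT: does any "daemons : clients" line match?
rules_match() {
    printf '%s\n' "$1" | {
        while IFS= read -r line; do
            line=${line%%#*}                       # strip comments
            case $line in *:*) ;; *) continue ;; esac
            if list_matches "${line%%:*}" "$2" && list_matches "${line#*:}" "$3"; then
                exit 0                             # leave the subshell with "matched"
            fi
        done
        exit 1
    }
}

# hosts_access DAEMON CLIENT: print the verdict and which file produced it.
hosts_access() {
    if rules_match "$HOSTS_ALLOW" "$1" "$2"; then
        echo "ALLOW $1 from $2 (hosts.allow)"
    elif rules_match "$HOSTS_DENY" "$1" "$2"; then
        echo "DENY $1 from $2 (hosts.deny)"
    else
        echo "ALLOW $1 from $2 (no rule matched, default allow)"
    fi
}

for pair in sshd:134.117.60.1 sshd:1.2.3.4 fingerd:127.0.0.1 \
            fingerd:134.117.60.1 in.ftpd:10.0.3.9 in.ftpd:10.0.5.7; do
    hosts_access "${pair%%:*}" "${pair#*:}"
done
```

The fall-through branch is the one to notice: if hosts.deny is empty, a client no rule mentions is let in, which is why a deployment that wants default-deny ends hosts.deny with ALL : ALL. None of this helps against a spoofed source address, since the only thing the wrapper ever sees is the address the client claims.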
- what is a firewall?
* a filter that decides which packets or connections may pass, based on rules over addresses, ports, protocols and connection state
* 2 types: host and network; they differ by where the rules are enforced (on the host itself versus on a device in the network path) and therefore by whose traffic they cover
- what is a VPN?
* virtual private network: an encrypted tunnel that makes a remote machine appear to be inside the company network
* can be problematic: the remote machine becomes a member of the trusted network, so a laptop that is also used to download media (or otherwise pick up malware) while connected extends the network's attack surface to that laptop
* viruses can enter the network this way, and the network firewall never sees them because they arrive through the tunnel
- to increase network security, turn off unnecessary services that don't need to talk over the network, like the finger daemon; a service that is not listening cannot be attacked
- the usual default policy assumes outgoing traffic is initiated by trusted local users and is safe, while incoming traffic comes from untrusted parties and may not be; so firewalls default-deny inbound connections and allow outbound ones (outgoing traffic is not truly safe either: malware and data exfiltration use it)
- ntpd = network time protocol daemon, another network-facing service (UDP port 123) that should be restricted or disabled when the host does not need to serve time to others
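An added example, not part of the original notes, for the "turn off unnecessary services" advice: a shell audit that reads a constructed listing of listening sockets (in the shape of ss -ltunp output, not captured from a real host) and classifies each one by whether it is reachable from the network and whether it is a legacy inetd-style service such as finger or chargen. The service table, bind-address classes and verdict wording are this example's own, not a standard tool's.

```shell
#!/bin/sh
# Constructed listing of listening sockets in the shape of `ss -Hltunp` output
# (protocol, local address:port, owning process). Not captured from a real host.
LISTENERS='
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:79 in.fingerd
udp 0.0.0.0:19 chargen
tcp 127.0.0.1:631 cupsd
udp 0.0.0.0:123 ntpd
tcp [::]:80 nginx
'

# legacy_service PORT: print the name of a legacy inetd-era service on that
# port (this example's own short table), or fail if the port is not one.
legacy_service() {
    case $1 in
        7)   echo echo ;;
        9)   echo discard ;;
        13)  echo daytime ;;
        19)  echo chargen ;;
        79)  echo finger ;;
        512|513|514) echo rexec/rlogin/rsh ;;
        *)   return 1 ;;
    esac
}

# bind_scope ADDR: a socket bound to loopback is unreachable from the network;
# one bound to the wildcard address answers on every interface.
bind_scope() {
    case $1 in
        127.*|"[::1]")   echo local-only ;;
        0.0.0.0|"[::]")  echo all-interfaces ;;
        *)               echo specific-interface ;;
    esac
}

# audit_line PROTO ADDR:PORT PROCESS: print one verdict line for the socket.
audit_line() {
    proto=$1; addr=$2; proc=$3
    port=${addr##*:}                  # text after the last colon
    host=${addr%:*}                   # text before it (works for [::]:80 too)
    scope=$(bind_scope "$host")
    if name=$(legacy_service "$port") && [ "$scope" != local-only ]; then
        echo "DISABLE $proto $addr $proc: legacy $name service reachable from the network"
    elif [ "$scope" = local-only ]; then
        echo "OK $proto $addr $proc: bound to loopback, not reachable from the network"
    elif [ "$proto" = udp ]; then
        echo "RESTRICT $proto $addr $proc: reachable from the network ($scope) over UDP, where source addresses are trivially spoofed; firewall it rather than relying on IP allow-lists"
    else
        echo "RESTRICT $proto $addr $proc: reachable from the network ($scope); confirm it is needed and firewall it"
    fi
}

# audit_listeners: run audit_line over every entry in LISTENERS.
audit_listeners() {
    printf '%s\n' "$LISTENERS" | while read -r proto addr proc; do
        [ -n "$proto" ] || continue
        audit_line "$proto" "$addr" "$proc"
    done
}

audit_listeners
```

On a real host the listing would come from ss -Hltunp (or netstat -tulpn), and the interesting rows are the ones bound to 0.0.0.0 or [::]: those are the services the network firewall and host firewall have to account for. CUPS bound to 127.0.0.1 is the case the notes call "secure for a single host".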
- modern architecture uses VMs and containers like Docker
* processes in Docker are separated into groups (containers), each with its own network namespace
* 1 firewall per group: the host applies its own filtering rules to each container's network, so policy is enforced per group rather than per physical host

Latest revision as of 06:55, 30 January 2018
