Analysis of the vulnerabilities of the TCP/IP protocol family

Source: Internet
Author: User

Many services are built on the TCP/IP protocols. The familiar ones include the WWW service, FTP, e-mail, TFTP, NFS and Finger. Each of these services has its own security defects. When you build a secure and trusted network, you need to decide which services to provide and which to prohibit. When using these services, you may not have realized that security was not taken into account in the design of TCP/IP from the very beginning.

TCP/IP Vulnerability

The main weakness of the IP layer is its lack of effective authentication and confidentiality mechanisms, and the central factor is the IP address. TCP/IP uses the IP address as the unique identifier of a network node. Many TCP/IP services, including the Berkeley r-commands, NFS and X Window, authenticate and authorize users based on IP addresses. Current TCP/IP network security mechanisms are mainly packet filtering and authentication based on IP addresses; their effectiveness rests on being able to judge the authenticity and safety of data from the source IP address in the IP packet. However, IP addresses have many problems. The protocol's biggest drawback is that it does not protect IP addresses and provides neither an authentication mechanism nor confidentiality measures for the source IP address in the packet. This is the root cause of the insecurity of the whole TCP/IP protocol family.

Because TCP and UDP are built on IP, TCP segments and UDP datagrams travel over the network inside IP packets, so they face the same security threats as the IP layer. People have been trying to solve these problems, but attacks based on the "three-way handshake" used to establish a TCP connection (1) remain unavoidable. These attacks include:

Source address spoofing (IP address spoofing);

Source routing spoofing;

Routing Information Protocol attacks (RIP attacks);

Authentication attacks;

TCP sequence number spoofing;

TCP/IP protocol data streams are transmitted in plaintext;

TCP SYN flooding attack (SYN attack);

Ease of spoofing.

Figure 1

For example, network administrators are familiar with the Internet Control Message Protocol (ICMP), a basic network management tool of the TCP/IP protocol family. It does a great deal to help administrators troubleshoot network faults, but ICMP attacks are also rampant. The most obvious involves the ICMP redirect message, which a gateway uses to advise a host of a better route; it is not meant to be used to actively change the host's routing table. If an intruder has compromised a secondary gateway available to the target host, rather than its primary gateway, the intruder can set up an incorrect route to a trusted host through the compromised secondary gateway. Most hosts do not perform effective checks on redirect packets. The impact of such attacks is similar to that of RIP-based attacks.
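The checks a host can apply before acting on a redirect, as set out in RFC 1122 section 3.2.2.2, sketched as an added example (not code from the original article). The route-table shape, the function names and all addresses are assumptions made up for the illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5

def accept_redirect(icmp, sender, iface_net, routes):
    """Return True only if an ICMP redirect passes the RFC 1122 sanity checks.

    icmp      -- ICMP message bytes (8-byte header + quoted original IP header)
    sender    -- source IP address of the packet that carried the redirect
    iface_net -- CIDR of the directly connected network it arrived on
    routes    -- hypothetical route table: destination -> first-hop gateway
    """
    if len(icmp) < 8 + 20:
        return False
    icmp_type, code, _cksum, gw_raw = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != ICMP_REDIRECT or code > 3:
        return False
    new_gw = ipaddress.ip_address(gw_raw)
    # The destination being redirected is the dst field of the quoted header.
    dest = str(ipaddress.ip_address(icmp[8 + 16:8 + 20]))
    # 1. Only the gateway currently used for that destination may redirect it.
    #    This rejects a redirect sent by a secondary gateway.
    if sender != routes.get(dest, routes.get("default")):
        return False
    # 2. The proposed gateway must be on the network the redirect arrived on.
    return new_gw in ipaddress.ip_network(iface_net)

def build_redirect(new_gw, dest):
    """Constructed sample: redirect (checksum left zero) quoting a packet to dest."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 6, 0,
                         ipaddress.ip_address("192.0.2.10").packed,
                         ipaddress.ip_address(dest).packed)
    header = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0,
                         ipaddress.ip_address(new_gw).packed)
    return header + quoted + bytes(8)

ROUTES = {"default": "192.0.2.1"}   # constructed host state
NET = "192.0.2.0/24"

if __name__ == "__main__":
    msg = build_redirect("192.0.2.254", "198.51.100.7")
    print(accept_redirect(msg, "192.0.2.1", NET, ROUTES))    # from primary gateway
    print(accept_redirect(msg, "192.0.2.66", NET, ROUTES))   # from another gateway
```

Both checks rely on the packet's source address, which IP does not authenticate, so many hosts ignore redirects altogether (on Linux, `net.ipv4.conf.all.accept_redirects=0`).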

In addition, ICMP can also be used for DoS attacks (2). Individual messages, such as destination unreachable or time exceeded, can be used to reset an existing connection. If the intruder knows the local and remote port numbers of a TCP connection, ICMP packets aimed at that connection can be forged. Such information can sometimes be obtained through the netstat service. A more common denial-of-service attack is to send forged subnet mask reply packets. Hosts accept such a message whether or not they sent a query, and an incorrect one may block all connections to the target host.

Figure 2
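One defence against forged ICMP errors aimed at a TCP connection is to accept an error only if the TCP sequence number quoted inside it belongs to data the host still has in flight, the check described in RFC 5927. This is an added example, not code from the original article; the `TcpConn` record, function names and sample values are constructed for the illustration.

```python
import struct
from dataclasses import dataclass

@dataclass
class TcpConn:               # hypothetical per-connection state
    local: tuple             # (4-byte IP, port)
    remote: tuple
    snd_una: int             # oldest unacknowledged sequence number
    snd_nxt: int             # next sequence number to be sent

def in_flight(seq, una, nxt):
    """True if una <= seq < nxt in 32-bit sequence space (wraparound safe)."""
    return ((seq - una) & 0xFFFFFFFF) < ((nxt - una) & 0xFFFFFFFF)

def icmp_error_matches(icmp, conns):
    """Return the connection an ICMP error credibly refers to, else None."""
    # Type 3 = destination unreachable, type 11 = time exceeded.
    if len(icmp) < 8 + 20 + 8 or icmp[0] not in (3, 11):
        return None
    inner = icmp[8:]                       # quoted header of the packet we sent
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or inner[9] != 6 or len(inner) < ihl + 8:
        return None
    src, dst = inner[12:16], inner[16:20]
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    for conn in conns:
        if (src, sport) == conn.local and (dst, dport) == conn.remote:
            # Addresses and ports can be learned or guessed; the quoted
            # sequence number must also fall inside the unacknowledged window.
            return conn if in_flight(seq, conn.snd_una, conn.snd_nxt) else None
    return None

def build_error(icmp_type, src, sport, dst, dport, seq):
    """Constructed sample: ICMP error quoting an IP header + 8 bytes of TCP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", icmp_type, 1, 0, 0) + ip + tcp

LOCAL, REMOTE = (bytes([10, 0, 0, 5]), 40000), (bytes([10, 0, 0, 9]), 21)
CONN = TcpConn(LOCAL, REMOTE, snd_una=1000, snd_nxt=1500)

if __name__ == "__main__":
    genuine = build_error(3, LOCAL[0], 40000, REMOTE[0], 21, 1200)
    forged = build_error(3, LOCAL[0], 40000, REMOTE[0], 21, 999999)
    print(icmp_error_matches(genuine, [CONN]) is CONN)
    print(icmp_error_matches(forged, [CONN]))
```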

The outlook for application services is not optimistic

1. File Transfer Protocol

FTP has endured because it can transfer data over the Internet independently of platform. It is based on a client/server architecture. FTP communicates over two channels (ports), one carrying data (TCP port 20) and the other carrying control information (TCP port 21). On the control channel, the two parties (client and server) exchange the commands that initiate data transfer. An FTP connection consists of four steps: user authentication → establishing a control channel → establishing a data channel → closing the connection. FTP connections use TCP (Transmission Control Protocol), which ensures reliable data transmission. Therefore, FTP does not need to deal with packet loss or error detection during data transfer.

Anonymous FTP is widely used on the Internet, and its low level of security attracts frequent visits from hackers. Anonymous FTP is truly anonymous: it does not record who requested information, who downloaded a file, or what was uploaded (which may be a Trojan). FTP has a fatal security defect. It uses an ordinary user name and password for identity authentication and lacks effective access control mechanisms, and both the user name and the password are transmitted in plain text.

2. Web Services

The Web server sits at the front end of the host infrastructure and is directly connected to the Internet. It is responsible for receiving requests from clients, creating dynamic Web pages, and responding with the requested data. Initially, the WWW service provided only static HTML pages. To meet people's demand for interaction, CGI programs were introduced, which made pages dynamic. A CGI program can receive user input. Generally, the user submits input to the CGI program through a form, the CGI program processes it according to the user's request, and an HTML file is usually generated and sent back to the user. Many CGI programs have security vulnerabilities that hackers can easily exploit for illegal purposes. Many people writing CGI programs do not understand the security vulnerabilities in the CGI package they start from, and in most cases they do not rewrite all parts of the program but only modify it as needed, so many CGI programs inevitably share the same security vulnerabilities. Many SQL Server developers do not start from a foundation of security when writing code. The security of the code they develop therefore cannot be ensured, and as a result the application cannot be confined to the minimum permissions it requires.

If a Web service outputs sensitive or restricted data, or provides restricted services, it needs to authenticate the caller. If all client access came from a trusted domain, the service could be used with confidence, but this is not possible in practical applications. Therefore, system-level authentication cannot be achieved, at least at this stage. For example, you can use IIS to configure the Web service's virtual directory for Basic Authentication. In that case, you must configure the proxy and provide credentials in the form of a user name and password. The proxy then transmits them each time it sends a request to the Web service. These credentials are transmitted in plain text, so you should use Basic Authentication only over SSL (3), but few administrators do this.

Figure 3
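Both the FTP login described earlier and HTTP Basic Authentication put credentials on the wire in a form any on-path observer can read: FTP sends them literally, and Basic Authentication only base64-encodes them. The audit below is an added example, not code from the original article. It scans cleartext protocol lines of the kind a defender's monitoring sensor would see and reports which accounts were exposed, without keeping the passwords; the sample lines and function name are constructed.

```python
import base64
import binascii
import re

FTP_CMD = re.compile(r"^(USER|PASS)\s+(.+?)\s*$", re.I)
BASIC = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I)

def audit_cleartext(lines):
    """Return (protocol, username) for each credential visible in the lines."""
    findings, ftp_user = [], None
    for line in lines:
        m = FTP_CMD.match(line)
        if m:
            if m.group(1).upper() == "USER":
                ftp_user = m.group(2)
            elif ftp_user is not None:
                # A PASS followed its USER in the clear; record the account only.
                findings.append(("ftp", ftp_user))
                ftp_user = None
            continue
        m = BASIC.match(line)
        if m:
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue                      # not a well-formed Basic token
            user, sep, _password = decoded.partition(":")
            if sep:                           # base64 is an encoding, not encryption
                findings.append(("http-basic", user))
    return findings

# Constructed sample: one FTP control session and one HTTP request, both unencrypted.
SAMPLE = [
    "220 FTP server ready",
    "USER alice",
    "331 Password required for alice",
    "PASS example-password",
    "GET /service.asmx HTTP/1.1",
    "Authorization: Basic " + base64.b64encode(b"bob:example-password").decode(),
    "Authorization: Bearer not-basic",
]

if __name__ == "__main__":
    for proto, user in audit_cleartext(SAMPLE):
        print(f"cleartext credential exposed: {proto} account {user!r}")
```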

In addition, Web services do not provide fault-tolerance mechanisms. If a Web service used software redundancy, then when one version had an error the other version would rarely have the same error. Code reuse cannot completely avoid errors. Therefore, when one module suffers a physical fault, the other modules are completely paralyzed.

With the widespread use of Java applets, ActiveX, cookies and similar technologies, applications built on them are automatically downloaded and run on the client when users view and edit network content in a browser. If these programs are used maliciously, information on the client may be stolen, changed or deleted. It is difficult for users to judge in real time whether a program is malicious. Therefore, when using highly interactive Web services, defending against these security threats takes more than a simple client setting.

Improve Network Reliability

We have described the shortcomings of IPv4. It neglects many security protections and will inevitably be replaced by the next-generation technology, IPv6. The IPsec security protocol was added later (4), and Network Address Translation, while it solves the shortage of IP addresses, increases security risks and makes real end-to-end security difficult to implement. The two basic components of end-to-end security, authentication and encryption, are integral parts of the IPv6 protocol, whereas in IPv4 they are only add-ons. Therefore, security in IPv6 is easier and more consistent.
