Using database protocols to connect to a perimeter web server

Putting the web server on the perimeter network and then using normal database remote access methods to connect to an internal database, as shown in Figure 23.3, is the most straightforward method of providing web access to the database. In this situation, the web server effectively proxies the request to the database server, so external commands do not arrive directly on the internal network. However, you are still vulnerable to any security problems in the remote access provided by the...

Packet Filtering Characteristics of DNS

There are two types of DNS network activities: lookups and zone transfers. Lookups occur when a DNS client (or a DNS server acting on behalf of a client) queries a DNS server for information - for example, the IP address for a given hostname, the hostname for a given IP address, the name server for a given domain, or the mail exchanger for a given host. Zone transfers occur when a DNS server (the secondary server) requests from another DNS server (the primary server) everything the primary...

Packet Filtering Characteristics of RPC

It's very difficult to use packet filtering to control RPC-based services because you don't usually know what port the service will be using on a particular machine - and chances are that the port used will change every time the machine is rebooted. Blocking access to the location server isn't sufficient. An attacker can bypass the step of talking to the location server and simply try all TCP and/or UDP ports (the 65,536 possible ports can all be checked on a particular machine in a matter of...

Packet filtering characteristics of H.323

H.323 uses at least three ports per connection. A TCP connection at port 1720 is used for call setup. In addition, each data stream requires one dynamically allocated TCP port (for call control) and one dynamically allocated UDP port (for data). Audio and data are sent separately, and data streams are one-way; this means that a normal video conference will require no less than eight dynamically allocated ports (a TCP control port and a UDP data port for outgoing video, another pair for outgoing...

Packet filtering characteristics of X11

X11 uses TCP port 6000 for the first server on a machine. This choice of ports presents another problem for packet filtering systems: the X11 ports are in the middle of the above-1023 range of ports that most applications use for random client-side ports. Thus, any packet filtering scheme that allows in packets to ports above 1023 (in order to allow packets from remote servers to local clients) needs to be very careful not to allow in connections to X11 servers. It can do this either by totally...

A.7.3 Internet Society Symposium on Network and Distributed System Security (SNDSS)

The Internet Society sponsors an annual symposium on network security. From the 1995 symposium announcement: The symposium will bring together people who are building software and/or hardware to provide network and distributed system security services. The symposium is intended for those interested in the more practical aspects of network and distributed system security, focusing on actual system design and implementation, rather than on theory. We hope to foster the exchange of technical...

Packet Filtering Characteristics of HTTP

Clients use random ports above 1023. Most servers use port 80, but some don't. To understand why, you need some history. Many information access services (notably HTTP, WAIS, and Gopher) were designed so that the servers don't have to run on a fixed well-known port on all machines. A standard well-known port was established for each of these services, but the clients and servers are all capable of using alternate ports as well. When you reference one of these...

Disabling Services Under Unix

As we discussed in Chapter 10, there are four general precautions to take when disabling services:

- Make sure that you have a way to boot the machine if you disable a critical service (for instance, a secondary hard disk with a full operating system image or a bootable CD-ROM).
- Save a clean copy of everything you modify so that you know how to put it back the way it was if you do something wrong.
- When you disable a service, disable everything that depends on it.
- Don't connect the machine you are...

C.5.1 Encryption Algorithms

These algorithms are designed to be used for encryption (reversibly obscuring information). As we've mentioned, it is often possible to use encryption algorithms for other purposes, and many of these algorithms are also used for digital signatures and/or for cryptographic hashing. RSA is a public key cipher that can use varying key sizes (which are theoretically unlimited). Typical key sizes are 512, 768, 1024, and 2048 bits. Because the algorithm is expensive to compute, the smaller key sizes...

Packet filtering characteristics of SQL*Net and Net8

Oracle uses TCP ports over 1024 exclusively. These ports can be configured, and there are multiple defaults depending on the version of Oracle you are running. In what appears to be the most common default configuration, the TNS listener is at 1521, the Oracle Multiprotocol Interchange listener is at 1526, Oracle Names is at 1575, and Oracle Connection Manager is at 1600. Client-to-server connections will normally start out going to 1521 or 1600 but may not remain there. It is not at all...

Packet Filtering Characteristics of Telnet

Telnet servers normally use port 23 (they can be set to use any port number but very rarely use any port but 23). Telnet clients use ports above 1023. Telnet is used as an example in Chapter 8, so its filtering characteristics are discussed in more detail there.

[1] ACK is not set on the first packet of this type (establishing connection) but will be set on the rest.

Telnet is well supported by proxies. SOCKS provides a modified Unix Telnet client (modifying clients on...

Turning Off Routing

If you have a dual-homed host that is not supposed to be a router, you will need to specifically disable routing. In order to act as an IP router, a dual-homed host needs to accept packets that are addressed to other machines' IP addresses, and send them on appropriately. This is known as IP forwarding, and it's usually implemented at a low level in the operating system kernel. An IP-capable host with multiple interfaces normally does this automatically, without any special configuration. Other...

Denial of service

A denial of service attack is one that's aimed entirely at preventing you from using your own computers. In late 1994, writers Josh Quittner and Michelle Slatalla were the target of an electronic mail bomb. Apparently in retaliation for an article on the cracker community they'd published in Wired magazine, someone broke into IBM, Sprint, and the writers' network provider, and modified programs so their email and telephone service was disrupted. A flood of email messages so overwhelmed their...

The TIS FWTK Authentication Server

The authentication server in TIS FWTK is a modular solution for authenticating users coming in from the Internet. The server implements a variety of authentication mechanisms, such as standard reusable passwords (not recommended), S/Key, Security Dynamics SecurID cards, and Digital Pathways SNK-004 cards. In addition, the server is modular and extensible, and is designed so that new authentication mechanisms can easily be integrated. A single authentication server can handle any number of client...

A firewall can't protect you against connections that don't go through it

A firewall can effectively control the traffic that passes through it; however, there is nothing a firewall can do about traffic that doesn't pass through it. For example, what if the site allows dial-in access to internal systems behind the firewall? The firewall has absolutely no way of preventing an intruder from getting in through such a modem. Sometimes, technically expert users or system administrators set up their own back doors into the network (such as a dial-up modem connection), either...

Monitoring Your System

Another important aspect of firewall maintenance involves monitoring your system. Monitoring is intended to tell you several things:

- Has your firewall been compromised?
- What kinds of attacks are being tried against your firewall?
- Is your firewall in working order?
- Is your firewall able to provide the service your users need?

In order to answer these questions, you'll need to know what the normal pattern of usage is.

26.2.1 Special-Purpose Monitoring Devices

You'll do most of your monitoring using...

Converting Clients to Use SOCKS

Many Internet client programs (both commercial and freely available) already have SOCKS support built in to them as a compile-time or a runtime option. How do you convert a client program to use SOCKS? You need to modify the program so it talks to the SOCKS server, rather than trying to talk to the real world directly. You do this by recompiling the program with the SOCKS library. Converting a client program to use SOCKS is usually pretty easy. The SOCKS package makes certain assumptions about how...