An Overview of Computer and Network Security - PowerPoint PPT Presentation

Slides: 52
Provided by: fen105
Learn more at: http://sst.umt.edu.pk
Transcript and Presenter's Notes

1
An Overview of Computer and Network Security
  • CS535, TE/CS 536 Network Security
  • Spring 2005 Lecture 2

2
A Motivating Example
  • Requirements of an e-Commerce site
  • Performance
  • of current transactions
  • Usability
  • Easy to follow GUIs, convenience
  • Security
  • Secure transmission and storage of customer
    financial/personal data
  • Protect the Web servers and the enterprise
    network from illegitimate access
  • Provide continuous/uninterrupted services

3
The Internet
4
(No Transcript)
5
Protocols
  • Application layer
  • HTTP, FTP, Telnet, SMTP, DNS
  • Transport layer
  • TCP, UDP
  • Internetworking layer
  • IP, ICMP, ARP, RARP
  • Network interface (data link) layer
  • Ethernet, PPP
  • Physical layer

6
Layered Store-and-forward
User A
User B
Application
Transport
Network
Link
7
(No Transcript)
8
Problems in implementing security
  • Vulnerabilities arise from
  • weak design (of system or protocols)
  • compromised entity
  • Heterogeneous networking technologies add to
    security complexity
  • Higher-speed communication puts more information
    at risk in given time period

9
The Definition
  • Security
  • the possibility of successful yet undetected
    theft, tampering, and disruption of information
    and services is kept low or tolerable

10
Basic Security Services
  • Authentication
  • assurance that the communicating entity is genuine
  • Data Confidentiality
  • protection of data from unauthorized access
  • Data Integrity
  • trustworthiness of data or resources (no
    modification or replay)
  • Availability
  • ability to use the information or resource upon
    demand by an authorized entity
  • Non-repudiation
  • protection against denial by sending or
    receiving entities of having communicated

11
Security Threats and Attacks
  • A threat is a potential violation of security.
  • Flaws in design, implementation, and operation.
  • An attack is any action that violates security.
  • An adversary
  • Passive and active attacks

12
Eavesdropping - Message Interception (Attack on
Confidentiality)
  • Unauthorized access to information
  • Packet sniffers and wiretappers
  • Illicit copying of files and programs

R
S
Eavesdropper
13
Integrity Attack - Tampering With Messages
  • Stop the flow of the message
  • Delay and optionally modify the message
  • Release the message again (replay)

R
S
Perpetrator
14
Authenticity Attack - Fabrication
  • Unauthorized assumption of another's identity
  • Generate and distribute objects under this
    identity

R
S
Masquerader from S
15
Attack on Availability
  • Destroy hardware (cutting fiber) or software
  • Modify software in a subtle way
  • Corrupt packets in transit
  • Blatant denial of service (DoS)
  • Crashing the server
  • Overwhelm the server (use up its resource)

16
Impact of Attacks
  • Theft of confidential information
  • Unauthorized use of
  • Network bandwidth
  • Computing resource
  • Spread of false information
  • Disruption of legitimate services
  • All attacks can be related and are dangerous!

17
Close-knit Attack Family
[Diagram labels: Active Attacks; Passive attacks; re-target; jam/cut it; sniff for content; capture modify; re-target; traffic analysis - who is talking; pretend]
18
Security Models of organizations
  • No security or security through obscurity
  • Host security
  • Application level
  • Problem: many hosts
  • Network security
  • Control access to hosts and services
  • Organizations can be Targets of opportunity (TOO)
    or Targets of choice (TOC)

19
Security Policy and Mechanisms
  • Policy: a statement of what is/is not allowed.
  • Mechanism: a procedure, tool, or method of
    enforcing a policy. Implements functions that
    help prevent, detect, respond to, and recover
    from security attacks.
  • Security functions are typically made available
    to users as a set of security services through
    APIs or integrated interfaces.

20
Parameters of security policy (Operational Issues)
  • Cost-Benefit Analysis
  • Risk Analysis
  • Laws and Custom
  • People issues, e.g. change password every month?
  • Security architecture, e.g. a layered approach.

21
(No Transcript)
22
Security Threats and Vulnerabilities
  • TE/CS 536 Network Security
  • Dr. Haroon Atique Babri, UMT
  • Spring 2005 Lecture 3
  • Adapted from Dr. Wenke Lee, Georgia Tech

23
The Security Life-Cycle
  • Threats
  • Policy
  • Specification
  • Design
  • Implementation
  • Operation and Maintenance

24
Taxonomy of Threats
  • Viruses and Worms
  • Web features, e.g. cookies (see text)
  • IP layer attacks
  • TCP layer attacks

25
Viruses
  • A small piece of software that attaches itself to
    a program (e.g. a spreadsheet) or document.
  • Each time the program runs, the virus runs.
  • When a virus runs, it looks for any other
    executable files in any directory and infects
    them and/or does something bad.

26
Virus: what does it look like
  • Start of original code
  • X-1
  • X: jump to Y
  • X+1
  • end of original code
  • Y: first statement of virus code
  • statement X in original code
  • Y+n: jump to X+1

27
The Rise of Viruses
  • The spread of PCs in late 1980s
  • Use of modem-accessible computer bulletin boards
    to download programs (or Trojan horses), e.g.
    games, spreadsheets.
  • Floppy disks

28
Types of Viruses
  • Executable
  • Infection phase: (1) Designed to get executed
    first when the host program runs. (2) Looks into
    memory, and if it finds another program on the
    disk, it adds its code to it. (3) The virus then
    launches the host program.
  • Attack phase: activated by some sort of trigger,
    e.g. date; does something bad.

29
Types of Viruses
  • Boot sector viruses
  • Boot sector is a small program that tells the
    computer how to load the rest of OS.
  • Transmitted through floppies
  • Good news: the huge sizes of today's programs
    require CDs; today's OSes protect the boot sector.
  • Bad news: with CD-RW becoming common, viruses now
    can spread across CDs

30
E-mail Viruses
  • Moves around in e-mail messages, replicates by
    automatically mailing itself to people in the
    victim's e-mail address book.
  • Melissa (3/99): spread as a Word doc uploaded to
    an Internet newsgroup.
  • ILOVEYOU (5/00): code as an attachment;
    double-clicking allowed it to execute; took
    advantage of VBA built into Microsoft Word.

31
Worms
  • A small piece of software that normally uses
    computer networks and security holes to replicate
    itself.
  • A copy of the worm scans the network for another
    machine that has a specific security hole, e.g.
    buffer overflow.
  • It copies itself to the new machine using the
    security hole and

32
Worm: how it spreads (1)
  • Log into another machine by guessing passwords.
  • Account names/passwords might be stored in script
    files to allow a naïve user to access remote
    resources.

33
Worm: how it spreads (2)
  • A copy of the worm scans the network for another
    machine that has a specific security hole, e.g.
    buffer overflow.
  • It copies itself to the new machine using the
    security hole and

34
Famous Worms
  • Code Red: each copy scanned the Internet for Win
    NT or Win 2000 servers without the MS security
    patch installed, and copied itself to the server.
  • Code Red was designed to do 3 things:
  • Replicate itself for first 20 days of each month
  • Replace Web pages on servers with a page "Hacked
    by Chinese"
  • Launch attack on www.whitehouse.gov
  • Slammer: see handout

35
What to do
  • Virus checkers
  • check all files for the instruction sequences of
    known viruses
  • Polymorphic virus: changes order of instructions,
    or changes to functionally similar instructions
    each time it copies itself.
  • Take a snapshot of disk storage by recording file
    lengths or taking message digests of files
  • Virus can compress the program and then add
    itself to maintain original length.
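
The snapshot idea from this slide, as an added example that is not part of the original lecture: it records both file length and a SHA-256 digest, then shows that a same-length rewrite slips past the length check but not the digest check. The file names and contents are constructed, and SHA-256 is an assumed choice of message digest.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record (length, SHA-256 digest) for every regular file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            snap[os.path.relpath(path, root)] = (os.path.getsize(path), h.hexdigest())
    return snap

def compare(old, new, use_digest=True):
    """Return sorted lists of (added, removed, changed) relative paths."""
    field = 1 if use_digest else 0   # 0 = compare lengths, 1 = compare digests
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p][field] != new[p][field])
    return added, removed, changed

def demo():
    """Constructed sample: one file rewritten with the same length, one untouched."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "prog.bin"), "wb") as f:
            f.write(b"ORIGINAL-PROGRAM-BYTES")
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"unchanged")
        before = snapshot(root)
        # Same number of bytes, different content: the case the slide warns about.
        with open(os.path.join(root, "prog.bin"), "wb") as f:
            f.write(b"MODIFIED-PROGRAM-BYTES")
        after = snapshot(root)
        by_length = compare(before, after, use_digest=False)[2]
        by_digest = compare(before, after, use_digest=True)[2]
        return by_length, by_digest

if __name__ == "__main__":
    print(demo())
```

The baseline snapshot is only useful if it is stored where the monitored host cannot rewrite it.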

36
What to do
  • Use security features provided by a language
  • Java sandbox
  • MS security patches ?

37
IP packet attacks (1)
  • Packet sniffing or snooping
  • Prevention: data encryption
  • link to link
  • source to destination.

38
IP Packet Attacks (2)
  • IP Spoofing
  • A common first step to many threats.
  • Source IP address cannot be trusted!

SRC = source, DST = destination
IP Header
IP Payload
SRC 128.59.10.8, DST 130.207.7.237
Is it really from Columbia University?
39
Similar to Mail (or E-mail)
Mail may be better in the sense that there is a
stamp put on the envelope at the location (e.g.,
town) of collection...
40
Most Routers Only Care About Destination Address
[Diagram: routers (Rtr) for Columbia (128.59.10.xx), Georgia Tech (130.207.xx.xx) and Stanford (36.190.0.xx). The packet label "src 128.59.10.8, dst 130.207.7.237" appears twice.]
41
IP Attacks (3)
  • Attack packets with spoofed IP address help hide
    the attacking source.
  • A smurf attack launched with your host IP address
    could bring your host and network to their knees.
  • Higher protocol layers (e.g., TCP) help to
    protect applications from direct harm, but not
    enough.

42
Current IPv4 Infrastructure
  • No authentication for the source
  • Various approaches exist to address the problem
  • Router/firewall filtering
  • TCP handshake

43
Router Filtering
  • Decide whether this packet, with certain source
    IP address, should come from this side of
    network.
  • Not standard - local policy.

[Diagram: router (Rtr) for Stanford (36.190.0.xx) with a packet labelled "src 128.59.10.8, dst 130.207.7.237" and the caption "Hey, you shouldn't be here!"]
44
Router Filtering
  • Very effective for some networks (ISP should
    always do that!)
  • At least be sure that this packet is from some
    particular subnet
  • Problems
  • Hard to handle frequent add/delete of
    hosts/subnets or Mobile IP
  • Upsets customers should legitimate packets get
    discarded
  • Need to trust other routers
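
The filtering decision from the two Router Filtering slides, as an added example that is not part of the original lecture. Interface names and prefix lengths are assumptions; the address ranges are the ones drawn on the slides, and the packets are constructed.

```python
import ipaddress

# Assumed local policy: which source prefixes may legitimately arrive on each
# router interface. Interface names and prefix lengths are illustrative; the
# address ranges are the ones drawn on the slides.
EXPECTED_SOURCES = {
    "columbia": [ipaddress.ip_network("128.59.10.0/24")],
    "gatech": [ipaddress.ip_network("130.207.0.0/16")],
    "stanford": [ipaddress.ip_network("36.190.0.0/24")],
}

def permit(interface, src, table=EXPECTED_SOURCES):
    """True if a packet with source address src may enter on this interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in table.get(interface, []))

def filter_packets(packets, table=EXPECTED_SOURCES):
    """Split (interface, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(pkt[0], pkt[1], table) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample traffic.
PACKETS = [
    # Genuine Columbia host arriving on the Columbia side.
    ("columbia", "128.59.10.8", "130.207.7.237"),
    # Claims a Columbia source but arrives from the Stanford side.
    ("stanford", "128.59.10.8", "130.207.7.237"),
    # Legitimate host on a subnet that was added but is not yet in the table.
    ("stanford", "36.190.1.20", "130.207.7.237"),
]

if __name__ == "__main__":
    fwd, drop = filter_packets(PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

The third packet is the slide's "upsets customers" case: the filter is only as accurate as the prefix table behind it.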

45
TCP Handshake
client → server: SYN, seq = x
server → client: SYN, seq = y, ACK x+1
client → server: ACK y+1
connection established
46
TCP Handshake
[Diagram: routers (Rtr) for Columbia (128.59.10.xx), Georgia Tech (130.207.xx.xx) and Stanford (36.190.0.xx); labels: "seq y, ACK x+1"; "x"; "src 128.59.10.8, dst 130.207.7.237"]
The handshake prevents the attacker from
establishing a TCP connection pretending to be
128.59.10.8
47
TCP Handshake
  • Very effective for stopping most such attacks but
    vulnerable
  • Problems
  • The attacker can succeed if y can be predicted
  • Other DoS attacks are still possible (e.g., TCP
    SYN-flood)

48
IP Spoofing SYN Flood
  • IP spoofing: X sends a SYN message to victim R
    using S's IP
  • R sends an acknowledgment (SYN-ACK) to client S
    but does not receive the ACK message (half-open
    connection).
  • The half-open connections data structure on the
    victim server R eventually fills. R is unable to
    accept new connections until the table is emptied
    out.
  • Normally a timeout for half-open connections
    allows R to recover. However, X can continue
    sending IP-spoofed packets requesting new
    connections faster than R can expire the pending
    connections.
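
A small model of R's half-open table, added here and not part of the original lecture, for reasoning about backlog size and timeout: the table saturates once the arrival rate of never-completed SYNs times the timeout reaches the backlog size. The tick-based timing, the parameter names and the assumption that a legitimate handshake completes within one tick are all simplifications.

```python
def simulate(backlog, timeout, spoofed_per_tick, ticks, legit_every=5):
    """Model R's half-open table in discrete ticks.

    Spoofed SYNs never complete, so each occupies a slot until it times out.
    A legitimate SYN arrives every `legit_every` ticks and completes at once
    if a slot is free. Returns (legit_accepted, legit_refused, peak_half_open).
    """
    half_open = []                      # expiry tick of each pending entry
    accepted = refused = peak = 0
    for now in range(ticks):
        # The timeout lets R recover slots from entries that never completed.
        half_open = [t for t in half_open if t > now]
        for _ in range(spoofed_per_tick):
            if len(half_open) < backlog:
                half_open.append(now + timeout)
        if now % legit_every == 0:
            if len(half_open) < backlog:
                accepted += 1           # handshake completes, slot freed at once
            else:
                refused += 1            # table full: new connection refused
        peak = max(peak, len(half_open))
    return accepted, refused, peak

def saturates(backlog, timeout, spoofed_per_tick):
    """Steady-state check: pending entries (rate x timeout) reach the backlog."""
    return spoofed_per_tick * timeout >= backlog

if __name__ == "__main__":
    # Constructed parameters: 128-entry table, 30-tick timeout, 200 ticks.
    print(simulate(128, 30, 2, 200))    # rate x timeout = 60, below the backlog
    print(simulate(128, 30, 10, 200))   # rate x timeout = 300, table stays full
```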

49
ping
smurf
50
Smurf Attack
  • Generate ping stream (ICMP echo request) to a
    network broadcast address with a spoofed source
    IP set to a victim host
  • Every host on the ping target network will
    generate a ping reply (ICMP echo reply) stream,
    all towards the victim host
  • Amplified ping reply stream can easily overwhelm
    the victim's network connection

51
Learning about attacks and vulnerabilities
  • www.cve.mitre.org
  • www.cert.org
  • www.sans.org
  • www.cisecurity.com
  • www.security-focus.com