a summary of security related network measurements
play

A summary of security-related network measurements. David Malone - PowerPoint PPT Presentation

Jul 14, 2023 •673 likes •812 views

A summary of security-related network measurements. David Malone Maynooth University. 2017-09-11 15:15:00 Network Measurement Results Internet Measurement Conference (IMC), Passive and Active Measurement Conference (PAM), Traffic

  1. A summary of security-related network measurements. David Malone Maynooth University. 2017-09-11 15:15:00

  2. Network Measurement Results • Internet Measurement Conference (IMC), • Passive and Active Measurement Conference (PAM), • Traffic Measurement and Analysis (TMA), • Also at SIGCOMM, Usenix Security, IEEE SS&P, NDSS, . . .

  3. Packet Processing Frameworks • BPF • old, useful and new uses in Linux. • PF_RING • faster packet capture, • reduces copies, • better multithreading, queueing, hashing, . . . • DPDK/netmap • full packet processing in userland, • can write switches/firewalls/IDSes/. . . , • used to accelerate various tools. Form the basis for tcpdump, tshark, wireshark, . . . Some interesting extensions for other technology (e.g. radiotap for WiFi, usbdump for USB).

  4. Scanning Tools • nmap • nc • zmap • Bit like nmap, • Focused on fast large-scale scanning, • Did a 65536 host network in 10s, • Whole IPv4 Internet in 5min (10Gbps + PF_RING) • Family of tools for: • zgrab for banner grabbing, • zdns for looking up DNS, • zcrypto/zlint/zcertificate for TLS/cert analysis. • Even a search engine https://censys.io • Some more advanced tools like scamper.

  5. Measurement Infrastructure • Looking glasses, • Passive Network Telescopes • Unused but routed address space, • Look for direct attacks or reflected spoofed traffic, • e.g. UCSD (CAIDA) or Team Cymru Darknet. • Often used to monitor DDoS events. • RIPE Atlas, • (10,000) Small computer hosted in network, • Does pings/DNS lookups/. . . , • Allows used-defined measurements, • Encourages researchers to get involved. • CAIDA ARC, • Currently Raspberry Pi hosted by researchers, • Used for topology measurement, DNS measurements, . . . • Allows ping/traceroute interface for researchers. • Facebook ads.

  6. IPv6 • Google sees about 20% users using IPv6, • Ireland at about 10% • Interest in mapping usage • Log files and traceroutes, • Akami mapping users, • Now interest in target generation (DNS walking, . . . ), • How to map open relays, proxies, resolvers, . . . • How to identify IPv4/IPv6 pairs, • Also interest in new protocol features (e.g. extension headers). Some studies of address scarcity and markets forming for IPv4.

  7. Routing • Longstanding problem of measuring topology, • Some research on whose AS can see your packets, • Who is allowing spoofing (egress filtering)? • BGP studies of flapping, AS reputation, hijacking, • Some great databases of historical data, • Starting studies of RPKI. Related: DDoS measurement/mitigation, geolocation, ... Vaguely related: Spotting large scale network scans.

  8. DNSSEC • How deployed is DNSSEC? • Server side: who signs, what algorithms, . . . ? • Client side: who verifies? • Deployment challenges. • EDNS0 extensions for large responses. • Switching to TCP. • Effectiveness of NSEC. • Measuring key rollover. Other DNS activity: detecting alternative roots, performance/robustness of anycast, . . .

  9. TLS/SSL • Deployment levels have always been well monitored. • Performance has also been of interest. • Health of certificate system: • certificate transparency, • certificate validity (65% have problems), • Fascinating attacks on keys: • Debian RNG bug. • gcd ( N 1 , N 2 ) for RSA. • Resulting patching behavior. • Implementation problems • long session caching, • long Diffie-Hellman lifetimes, • clients presenting TLS certificates.

  10. Network Censorship • Understanding the Great Firewall of China, • Measuring Internet disconnection around specific events, • Finding websites or pages that are blocked, • Finding content and keywords that are blocked. • People hiding protocols on wrong port/with TLS/with Tor. There’s a whole side subject or Tor deanonymisation. Has raised ethical issues.

  11. Modern Mobile/App/Web Infrastructure • What are mobile operators middle boxes up to? • How trackable are you with TLS on? • How can we find personally identifying information? • How do apps behave? • How many are built evil? • How many apps/frameworks are calling home? • Are tracker blockers/ad blockers/cookie directives any good?

  12. Interesting High Level Measurements • Deanonymisation of bitcoin transactions. • Analysis of propaganda/fake news bots. • Detecting and characterising doxing. • Who gets to see your e-mail? • What happens to stolen e-mail creds?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security Using Internet-wide Measurements Oliver Gasser Ph. D. Defense, Friday 24 th May, 2019 Chairman: Prof. Dr. Jrg

877 views • 55 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017

Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluating Network Security using Internet Measurements Oliver Gasser Tuesday 23 rd May, 2017 Chair of Network Architectures and Services

900 views • 54 slides
Measuring the net Markus Peuhkuri 2004-10-14 Lecture topics Why network is measured How

Measuring the net Markus Peuhkuri 2004-10-14 Lecture topics Why network is measured How

Measuring the net Markus Peuhkuri 2004-10-14 Lecture topics Why network is measured How network can be measured What is measured How one can utilize measurements IP networks assumed Focus on quality-related measurements,

496 views • 10 slides
Measuring the net Markus Peuhkuri 2003-08-18 Lecture topics Why network is measured How

Measuring the net Markus Peuhkuri 2003-08-18 Lecture topics Why network is measured How

Measuring the net Markus Peuhkuri 2003-08-18 Lecture topics Why network is measured How network can be measured What is measured How one can utilize measurements IP networks assumed Focus on quality-related measurements,

626 views • 9 slides
The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA

The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA

The Bro Network Security Monitor Bro Integrations: Some Misc. Bro Related Stuff Jon Schipp, NCSA BroCon15 MIT, Cambridge, Massachusetts Agenda Outlining a few things Ive worked on ISLET - Software that can be used for Bro training

584 views • 20 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
SpeedLight: Synchronized Network Snapshots Nofel Yaseen , John Sonchack, Vincent Liu 1 Network

SpeedLight: Synchronized Network Snapshots Nofel Yaseen , John Sonchack, Vincent Liu 1 Network

SpeedLight: Synchronized Network Snapshots Nofel Yaseen , John Sonchack, Vincent Liu 1 Network Measurements 2 Network Measurements Measurements are how we understand networks Operators: configuration, management and provisioning

1.16k views • 67 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon

Network Security Where we are in the Course Security crosses all layers Applicatjon Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

1.12k views • 92 slides
Real-time Network Measurements Ran Ben Basat, Technion Joint work with Gil Einziger, Erez

Real-time Network Measurements Ran Ben Basat, Technion Joint work with Gil Einziger, Erez

Real-time Network Measurements Ran Ben Basat, Technion Joint work with Gil Einziger, Erez Waisbard (Nokia Bell Labs) Roy Friedman (Technion) and Marcello Luzieli (UFGRS) ACC Annual Workshop & Feder Prize Ceremony Network Measurements ACC

532 views • 20 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

1.68k views • 39 slides
COMMUNITY WIRELESS MESH NETWORKS Johnathan Ishmael ishmael@comp.lancs.ac.uk Talk Overview

COMMUNITY WIRELESS MESH NETWORKS Johnathan Ishmael ishmael@comp.lancs.ac.uk Talk Overview

COMMUNITY WIRELESS MESH NETWORKS Johnathan Ishmael ishmael@comp.lancs.ac.uk Talk Overview Johnathan Ishmael, Sara Bury, Dimitrios Pezaros, Nicholas Race, "Deploying Rural Community Wireless Mesh Networks," IEEE Internet Computing

642 views • 17 slides
Mitigating Attacks in Unstructured Multicast Overlay Networks Cristina Nita-Rotaru,Aaron Walters,

Mitigating Attacks in Unstructured Multicast Overlay Networks Cristina Nita-Rotaru,Aaron Walters,

Mitigating Attacks in Unstructured Multicast Overlay Networks Cristina Nita-Rotaru,Aaron Walters, David Zage Dependable and Secure Distributed Systems Lab ((DS) 2 ) Department of Computer Science and CERIAS Purdue University Dependable and

781 views • 56 slides
Communication Networks II www.kom.tu-darmstadt.de www.httc.de Multimedia Communications / QoS

Communication Networks II www.kom.tu-darmstadt.de www.httc.de Multimedia Communications / QoS

Communication Networks II www.kom.tu-darmstadt.de www.httc.de Multimedia Communications / QoS Specific Topics (QoS, IntServ, DiffServ) Prof. Dr.-Ing. Ralf Steinmetz TU Darmstadt - Technische Universitt Darmstadt, Dept. of Electrical

995 views • 52 slides
CS 598: Network Security Matthew Caesar January 29, 2013 1 Why secure data centers?

CS 598: Network Security Matthew Caesar January 29, 2013 1 Why secure data centers?

Lecture 3: Data Center and Enterprise Network Security CS 598: Network Security Matthew Caesar January 29, 2013 1 Why secure data centers? Consolidation brings many benefits Easier management, statistical multiplexing

1.51k views • 103 slides
Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill Kirill Lozinskiy Lozinskiy Glenn K. Lockwood et al. Glenn K. Lockwood et al. 1 NERSC @ Berkeley Lab (LBNL) NERSC @ Berkeley Lab (LBNL)

393 views • 16 slides
TF NOC flash presentation LightNet Triestes optical MAN LightNet in brief Temporary

TF NOC flash presentation LightNet Triestes optical MAN LightNet in brief Temporary

TF NOC flash presentation LightNet Triestes optical MAN LightNet in brief Temporary syndicate of R&E institutions on Triestes territory MAN connects institutions sites and transports the connectivity to GARR More than

927 views • 9 slides
Note 2 Flash By: Adrian Sham (adrsham) and Trey Anderson (treyman) A note taking program that

Note 2 Flash By: Adrian Sham (adrsham) and Trey Anderson (treyman) A note taking program that

Note 2 Flash By: Adrian Sham (adrsham) and Trey Anderson (treyman) A note taking program that automatically creates and formats note sheets and flash cards on the fly. Designed to help students make more effective use of their time. UI Design

414 views • 3 slides
DAPPS (Demographic Analysis and Population Projection System) Nobuko Mizoguchi, Sean Fennell,

DAPPS (Demographic Analysis and Population Projection System) Nobuko Mizoguchi, Sean Fennell,

DAPPS (Demographic Analysis and Population Projection System) Nobuko Mizoguchi, Sean Fennell, and Oliver Fischer International Programs, Population Division , U.S. Census Bureau Any views expressed are those of the authors and not necessarily

290 views • 6 slides

More recommend