
Internet Security [1] VU 184.216 Engin Kirda - PowerPoint PPT Presentation



  1. Internet Security [1] VU 184.216
     Engin Kirda engin@infosys.tuwien.ac.at
     Christopher Kruegel chris@auto.tuwien.ac.at

  2. Administration
     • Challenge 2
       – deadline is tomorrow
       – 177 correct solutions
     • Challenge 4
       – will be issued next week (around 10th May)
       – first “real programming” assignment (Java)
       – simple SMTP engine
       – demonstrates how easily email information can be spoofed

  3. Internet Application Security

  4. Internet Applications
     • Traditional services
       – emerged to satisfy needs from the beginning of the Internet
       – often no (or little) security in mind
       – mail transfer (SMTP)
       – name resolution (DNS)
       – file transfer (FTP)
       – remote access (telnet, rservices)
     • Secure replacements
       – introduced to address problems in traditional protocols
       – remote access (ssh)
       – file transfer (scp)

  5. SMTP
     Simple Mail Transfer Protocol (SMTP)
     • initially specified in RFC 821
     • de facto standard for email transmission
     • simple, text-based protocol
     • MIME used to encode binary files (attachments)
     • listens on port 25
     • push protocol (used to exchange emails between servers)
     • clients have to retrieve emails via other protocols such as IMAP or POP

  6. SMTP Session
     S: 220 www.example.com ESMTP Postfix
     C: HELO mydomain.com
     S: 250 Hello mydomain.com
     C: MAIL FROM: sender@mydomain.com
     S: 250 Ok
     C: RCPT TO: friend@example.com
     S: 250 Ok
     C: DATA
     S: 354 End data with <CR><LF>.<CR><LF>
     C: Subject: test message
     C: From: sender@mydomain.com
     C: To: friend@example.com
     C:
     C: Hello,
     C: This is a test.
     C: Goodbye.
     C: .
     S: 250 Ok: queued as 12345
     C: QUIT
     S: 221 Bye

  7. SMTP
     • Security Issues
       – mail servers have wide distribution base and are publicly accessible
         • software vulnerabilities
         • configuration errors
       – sendmail
         • one of the first SMTP implementations (MTAs)
         • long history of vulnerabilities
         • complicated configuration (M4 macro language)
         • e.g., buffer overflow in Sendmail 8.12.9 and before (2003)
       – postfix, qmail
         • secure replacements
       – no authentication of sender is performed
         • huge problem
         • makes unsolicited email such a problem

  8. SMTP
     • Lack of authentication
       – everyone can connect to an SMTP server and transmit a message
       – server cannot check sender identity (besides IP address)
     • Mail relay
       – server accepts a message that does not appear to be either for a local address or from a local sender
     • Solutions for authentication
       – SMTP-AUTH
         • access control list with explicit login
         • clients must be aware of SMTP-AUTH
       – POP-before-SMTP
         • logins are simulated by a POP request (which requires a login)
         • when a client performs a POP request, its IP address is authenticated with the SMTP server for some time (e.g., 30 minutes)
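The session on slide 6 and the two points above (no sender authentication, mail relay) can be made concrete with a small server-side SMTP state machine. This is an added example, not code from the lecture or from any real MTA: the local-domain set, the relay policy and the transcripts are constructed here. Replaying the client lines from slide 6 shows that the only sender information the server ever gets is what the client claims in HELO, MAIL FROM and the From: header, none of which is verified; the relay rule shows the one decision that separates a normal server from an open relay.

```python
"""Minimal server-side SMTP state machine (added example, not lecture code).

Replays the client side of the session on slide 6 and records what the protocol
tells the server about the sender: only what the client claims. LOCAL_DOMAINS,
the relay policy and the transcripts are constructed for this example.
"""
import re

LOCAL_DOMAINS = {"example.com"}   # domains this server delivers for (constructed)

# Client side of the transcript on slide 6, server replies omitted
SLIDE_TRANSCRIPT = [
    "HELO mydomain.com", "MAIL FROM: sender@mydomain.com",
    "RCPT TO: friend@example.com", "DATA",
    "Subject: test message", "From: sender@mydomain.com",
    "To: friend@example.com", "",
    "Hello,", "This is a test.", "Goodbye.", ".", "QUIT",
]

ADDR = r"[\w.+-]+@[\w.-]+"


class SmtpSession:
    def __init__(self, local_domains=LOCAL_DOMAINS, authenticated=False):
        self.local_domains = set(local_domains)
        self.authenticated = authenticated  # outcome of SMTP-AUTH, if offered
        self.helo, self.mail_from, self.rcpt_to, self.data = None, None, [], []
        self.in_data = False
        self.log = []       # (client line, server reply) outside of DATA
        self.messages = []  # accepted messages

    def relay_allowed(self, rcpt):
        # Deliver locally, or relay only for authenticated clients; accepting
        # anything else is what makes a server an open relay (slide 8).
        return rcpt.rsplit("@", 1)[-1].lower() in self.local_domains or self.authenticated

    def feed(self, line):
        """Process one client line; return the reply (None while inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.messages.append(self._finish())
                return "250 Ok: queued"
            self.data.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.helo, reply = arg, f"250 Hello {arg}"   # claimed, never checked
        elif verb in ("MAIL", "RCPT"):
            m = re.match(r"(?:FROM|TO):\s*<?(" + ADDR + ")>?", arg, re.I)
            if not m:
                reply = "501 Syntax error in parameters"
            elif verb == "MAIL":
                self.mail_from, reply = m.group(1), "250 Ok"  # claimed, never checked
            elif self.relay_allowed(m.group(1)):
                self.rcpt_to.append(m.group(1))
                reply = "250 Ok"
            else:
                reply = "554 Relay access denied"
        elif verb == "DATA":
            if not self.rcpt_to:
                reply = "503 Need RCPT TO first"
            else:
                self.in_data, reply = True, "354 End data with <CR><LF>.<CR><LF>"
        elif verb == "QUIT":
            reply = "221 Bye"
        else:
            reply = "502 Command not implemented"
        self.log.append((line, reply))
        return reply

    def _finish(self):
        # Split the DATA section into headers and body at the first empty line
        headers, body, in_body = {}, [], False
        for line in self.data:
            if in_body:
                body.append(line)
            elif line == "":
                in_body = True
            else:
                k, _, v = line.partition(":")
                headers[k.strip().lower()] = v.strip()
        msg = {"helo": self.helo, "envelope_from": self.mail_from,
               "rcpt": list(self.rcpt_to), "headers": headers, "body": body}
        self.mail_from, self.rcpt_to, self.data = None, [], []
        return msg


def run_transcript(lines, **session_args):
    s = SmtpSession(**session_args)
    for line in lines:
        s.feed(line)
    return s


def header_envelope_mismatch(msg):
    """True when the From: header names a different address than MAIL FROM.
    SMTP verifies neither value, so this is only a cheap filtering signal."""
    hdr = re.search(ADDR, msg["headers"].get("from", ""))
    return hdr is not None and hdr.group(0).lower() != (msg["envelope_from"] or "").lower()
```

Running `run_transcript(SLIDE_TRANSCRIPT)` queues the slide's message; feeding a RCPT TO for a foreign domain without `authenticated=True` is refused with 554, which is the behaviour an SMTP-AUTH or POP-before-SMTP deployment is there to gate. `header_envelope_mismatch` is the kind of check a spam filter applies to a message whose envelope sender and header From disagree.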

  9. SPAM
     • Unsolicited email message
     • Gather destination email addresses
       – brute force guessing
       – harvesting (web pages, mailing lists, news groups, …)
       – verified addresses are more valuable (social engineering, web bug)
     • Delivering spam messages
       – own machine (not very smart)
       – other machines
         • open mail relays
         • open proxies
         • web forms
         • zombie nets (compromised machines)

  10. SPAM
      • Countermeasures
        – client
          • filter tools (e.g., SpamAssassin)
          • automatic report systems
        – blacklists
          • identify origins of spam messages and quickly distribute this information
        – infrastructure
          • Sender ID
          • resulted from a merge between SPF (sender policy framework) and Caller-ID
          • works by adding “reverse MX” records for a domain
          • only listed machines can send email from this domain
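The "reverse MX" idea on this slide is what SPF publishes as a TXT record of the form `v=spf1 ip4:... -all`: the domain lists the hosts allowed to send its mail, and the receiving MTA compares the connecting IP against that list. The following is an added example, not lecture code and not a full SPF implementation: it evaluates only the ip4, ip6 and all mechanisms against a constructed in-memory record table (a real receiver would fetch the record via DNS and would also handle a, mx, include and redirect).

```python
"""Simplified SPF (sender policy framework) check (added example, not lecture code).

Sender ID / SPF publish in DNS which hosts may send mail for a domain; the
receiving MTA compares the connecting IP against that policy. Only the ip4,
ip6 and all mechanisms are implemented; the records below are constructed.
"""
import ipaddress

# Constructed records, keyed by sending domain, as a receiver would get them from DNS
SPF_RECORDS = {
    "mydomain.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, records=SPF_RECORDS):
    """Return the SPF result for sender_ip claiming to send for domain."""
    record = records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"            # domain publishes no policy: nothing to enforce
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"          # a mechanism without qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech == "all":        # catch-all decides for every unlisted host
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"   # malformed record: do not guess
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"             # nothing matched and no explicit all
```

A receiver acting on `fail` rejects the message at RCPT or DATA time; `softfail` is usually fed into the spam score rather than enforced. Note what the check does and does not establish: it ties the connecting host to the domain in MAIL FROM, which is why forged envelope senders became harder, but it says nothing about the From: header the user sees.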

  11. DNS
      Domain Name Service (DNS)
      • initially specified in RFC 1034/1035
      • distributed database that maps names into IP addresses and vice versa
      • name space is hierarchically divided into domains
      • each domain is managed by a name server
      • clients access name server resolution services through the resolver library
      • uses mostly UDP
      • sometimes TCP for long queries and TCP for zone transfers between name servers

  12. DNS
      Name-space hierarchy (tree diagram on the slide):
      .
        .at.
        .edu.
        .com.
          .example.com.
            .subdomain.example.com.
          .amazon.com.

  13. Name Server
      • Name servers are responsible for mapping names of a domain
        – example
          • subdomain.domain.com is managed by dns.subdomain.domain.com
          • domain.com is managed by master.domain.com
      • Root name servers
        – 13 machines distributed around the world
        – associated with the top level of the hierarchy
        – dispatch queries to the appropriate domains
      • Server types
        – primary (authoritative for the domain, loads data from disk)
        – secondary (backup servers, get data through zone transfers)
        – caching-only (relies on other servers but caches results)
        – forwarding (simply forwards query to other servers)

  14. Name Server
      • A server that cannot answer a query forwards the query up in the hierarchy
      • Then, the search follows the correct branch in the hierarchy down to the authoritative server
      • The results are usually maintained in a local cache
      • Reverse lookup
        – mapping from IP addresses to names
        – also called pointer queries
        – use dedicated branch in name space starting with ARPA.IN-ADDR (i.e., under in-addr.arpa)
        – example
          • if 128.131.172.79 is resolved, this is mapped into 79.172.131.128.in-addr.arpa

  15. DNS Clients
      • At least one name server has to be specified
        – e.g., Linux uses /etc/resolv.conf
      • Queries can be
        – recursive
          • require a name server to find the answer to the query itself
        – iterative
          • instead of the resolved name, another server's address is returned, which can be asked
      • Lookup can be performed with
        – nslookup, host, dig

  16. DNS Data
      • unique message format for requests and replies
      • contains questions, answers, authoritative information
      • DNS data is structured in Resource Records, which store the information
      • Different types of RR exist:
        A      defines an IP address for a domain name
        HINFO  host information (CPU, OS)
        NS     authoritative name server for domain
        MX     mail server for domain

  17. Zone Transfer Info
      > nslookup
      ...
      > ls -d infosys.tuwien.ac.at.
      [tunamea.tuwien.ac.at]
      $ORIGIN infosys.tuwien.ac.at.
      @        1D IN SOA  uhura.kom.tuwien.ac.at. hostmaster.noc.tuwien.ac.at. (
                          1985    ; serial
                          8H      ; refresh
                          2H      ; retry
                          1W      ; expiry
                          1D )    ; minimum
               1D IN NS   tunamea.tuwien.ac.at.
               1D IN NS   tunameb.tuwien.ac.at.
               1D IN MX   25 nfs1
      amd01    1D IN A    128.131.172.56
      amd02    1D IN A    128.131.172.68
      amd03    1D IN A    128.131.172.69

  18. DNS Security Issues
      • DNS often provides rich information
        – IP addresses
        – HINFO records
        – WKS
        – can be gathered via exhaustive queries or via zone transfers
        – IP scanning is not necessary in many cases
      • DNS hijacking
      • Simple DNS spoofing
      • DNS cache poisoning
      • Daemon vulnerabilities
        – BIND named has a bad security history
        – latest problem was a buffer overflow in 2002

  19. DNS Hijacking
      • Relies on the fact that UDP is used
      • Usually, attacker has to see DNS requests
      • Respond to a request with incorrect data
      • Respond faster than legitimate server
      • It is possible to perform DNS Hijacking by
        – racing with the server with respect to a client
        – racing with a server with respect to another server
      • "Blind" DNS hijacking
        – requires guessing the request ID
        – many implementations use sequential numbers
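The message format from slide 16 and the request ID from this slide meet in the resolver's acceptance check: over UDP, the only things that tie a reply to an outstanding query are the 16-bit transaction ID, the echoed question and the port numbers, so a resolver that draws its ID at random and discards replies whose ID or question do not match is what makes the "blind" variant a guessing game rather than a certainty. The code below is an added example written for this page, not lecture code and not a real resolver: it encodes an A query, parses a reply including compressed names, and applies exactly that check to constructed wire bytes (the port check is out of scope since no sockets are involved).

```python
"""DNS wire-format encode/parse with reply validation (added example, not lecture code).

Builds an A query the way a stub resolver does, parses a reply, and accepts it
only if transaction ID and question match the outstanding query. All traffic
here is constructed in memory; nothing is sent on the network.
"""
import ipaddress
import secrets
import struct

TYPE_A, CLASS_IN = 1, 1
TYPE_NAMES = {1: "A", 2: "NS", 12: "PTR", 15: "MX", 16: "TXT"}


def encode_name(name):
    """www.example.com -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    for _ in range(128):                     # bound guards against pointer loops
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2                # caller continues after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels) + ".", (end if jumped else off)


def build_query(name, qtype=TYPE_A):
    qid = secrets.randbelow(65536)   # random ID; sequential IDs are what a blind spoofer predicts
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return qid, header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(query, ipv4_answers, qid=None, ttl=300):
    """Constructed server reply: echoes the question, answers with A records."""
    rid = struct.unpack("!H", query[:2])[0] if qid is None else qid
    header = struct.pack("!HHHHHH", rid, 0x8180, 1, len(ipv4_answers), 0, 0)  # QR, RD, RA
    body = query[12:]                        # question section copied verbatim
    for ip in ipv4_answers:
        rdata = ipaddress.IPv4Address(ip).packed
        body += struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + body


def parse_message(msg):
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = str(ipaddress.IPv4Address(rdata))
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, rdata))
    return {"id": rid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def accept_response(qid, query, response):
    """Return the answers only if the reply matches the outstanding query."""
    parsed = parse_message(response)
    expected = parse_message(query)["questions"]
    if not parsed["is_response"] or parsed["id"] != qid or parsed["questions"] != expected:
        return None                          # drop it, as a resolver should
    return parsed["answers"]


def demo():
    """Matching reply is accepted; a reply with another ID (the value a blind
    attacker has to guess) is dropped. Both replies are constructed here."""
    qid, query = build_query("www.example.com")
    good = accept_response(qid, query, build_response(query, ["192.0.2.10"]))
    bad = accept_response(qid, query, build_response(query, ["203.0.113.5"], qid=(qid + 1) % 65536))
    return good, bad
```

`demo()` returns the accepted answer list for the matching reply and `None` for the one carrying a different ID. With sequential IDs the second case would not stay a guess for long; with a random ID and a random source port the spoofer has to win the race against the legitimate server on two 16-bit fields at once, which is the reasoning behind the later resolver hardening.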

  20. Simple DNS Spoofing
      • Used when authentication is performed based on DNS names with reverse lookup
        – e.g., trusted.example.com may login using rlogin without specifying a username/password
      • Concept
        – a DNS query is forwarded to the authoritative DNS server for the IP address that logs in (under control of the attacker)
        – this DNS server replies with the (faked) trusted name

  21. Simple DNS Spoofing
      Network diagram on the slide: two networks connected through the Internet
        one side:   Host A (172.111.0.11), DNS Server (172.111.0.2), Gateway
        other side: Gateway (128.130.2.1), Host C (128.130.2.10), DNS Server (128.130.2.2), Host B

  22. Simple DNS Spoofing
      • Host C (128.130.2.10) opens a TCP connection to Host A (172.111.0.11)
      • Server A asks its DNS server (172.111.0.2) to look up the address 128.130.2.10
      • A's DNS server can't resolve this address and forwards the query
      • C's DNS server (128.130.2.3) gets the request and returns a reply with a wrong name (e.g., trusted.example.com)
      • A gets from its DNS server the answer that 128.130.2.10 is trusted.example.com and allows C to log in without password

  23. Simple DNS Spoofing
      • Countermeasure
        – use double reverse lookup
        – given the IP address i, obtain the name n
        – using name n, obtain IP address j
        – check if i = j
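The countermeasure works because the two lookups are answered by different authorities: the PTR record for 128.130.2.10 lives in the reverse zone of the network that owns the address (the attacker's, in the scenario of slides 21 and 22), whereas the A record for trusted.example.com lives in the forward zone of example.com, which the attacker does not control. The following added example, not lecture code, carries the three steps through with the slide's addresses. It also shows the in-addr.arpa mapping from slide 14. The resolver is a pair of dictionaries so the check runs offline; the genuine address of trusted.example.com (172.111.0.20) and the dictionary resolver are constructed for this example.

```python
"""Double reverse lookup (added example, not lecture code).

Step 1: i -> n via PTR.  Step 2: n -> j via A.  Accept only if i == j.
The resolver is injected as two dictionaries so this runs offline; a real
deployment would issue PTR and A queries. Zone data below is constructed.
"""
import ipaddress


def reverse_name(ip):
    """128.131.172.79 -> 79.172.131.128.in-addr.arpa (slide 14)."""
    return ipaddress.ip_address(ip).reverse_pointer


class DictResolver:
    """Stand-in for a DNS resolver: PTR and A data supplied as dictionaries."""

    def __init__(self, ptr, a):
        self.ptr = ptr   # in-addr.arpa name -> host name
        self.a = a       # host name -> list of IPv4 addresses

    def lookup_ptr(self, ip):
        return self.ptr.get(reverse_name(ip))

    def lookup_a(self, name):
        return self.a.get(name, [])


def single_reverse_lookup(ip, resolver, trusted_hosts):
    """The weak check from slide 20: trust whatever the PTR record says."""
    name = resolver.lookup_ptr(ip)
    return name if name in trusted_hosts else None


def double_reverse_lookup(ip, resolver, trusted_hosts):
    """Return the verified host name for ip, or None (slide 23)."""
    name = resolver.lookup_ptr(ip)                    # step 1: i -> n
    if name is None or name not in trusted_hosts:
        return None
    if ip not in resolver.lookup_a(name):             # step 2: n -> j, check i == j
        return None   # the reverse zone lied: forward zone does not point back here
    return name


# Constructed zone data mirroring slides 21/22. The reverse zone for 128.130.2.x
# (attacker controlled) claims 128.130.2.10 is trusted.example.com. The forward
# zone of example.com (not attacker controlled) says trusted.example.com is
# 172.111.0.20, an address constructed for this example.
RESOLVER = DictResolver(
    ptr={reverse_name("128.130.2.10"): "trusted.example.com",
         reverse_name("172.111.0.20"): "trusted.example.com"},
    a={"trusted.example.com": ["172.111.0.20"]},
)
TRUSTED = {"trusted.example.com"}
```

`single_reverse_lookup("128.130.2.10", RESOLVER, TRUSTED)` returns the trusted name, which is exactly the acceptance the slide 22 scenario exploits; `double_reverse_lookup` returns `None` for the same address because the forward zone of example.com does not map trusted.example.com back to 128.130.2.10, while the genuine host at 172.111.0.20 still passes.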
