intro history hacking
play

Intro, history, hacking Network Security Lecture 1 Welcome to - PowerPoint PPT Presentation

Oct 20, 2023 •218 likes •564 views

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

  1. Intro, history, hacking Network Security Lecture 1

  2. Welcome to Network Security Should be able to Skills • identify design and • Ability to analyze the implementation security of networked vulnerabilities in network systems protocols and applications • Ability to perform security • exploit such vulnerabilities assessments of a system in practice • Ability to fix vulnerabilities • detect and protect from attacks Eike Ritter Network Security - Lecture 1 1

  3. Module Outline • TCP/IP security • Web security • Browser security • Malicious web • Intrusion detection systems Eike Ritter Network Security - Lecture 1 2

  4. Organization Lectures • – 2/week • Office hours – Tuesdays 4-5pm, and by appointment Homework • – 2 assignments (mix of programming, network analysis, attacks) – Reading assignments, roughly once a week • Examination – 1.5 hours – Covers everything we discuss in class • Grading – 80% examination – 20% homework Check • http://www.cs.bham.ac.uk/~exr/teaching/lectures/networkSecurity/11_1 2 regularly for updates and news Eike Ritter Network Security - Lecture 1 3

  5. What is expected from you • Participate in lectures – Handouts are available (print and online), but they don’t cover everything – Be active: Something is not clear? Ask questions! • Absolutely no plagiarism – Be familiar with School’s plagiarism policy – It’s OK to discuss with others, but everything you submit must be yours • Any problem, doubt, special need; come talk to me Eike Ritter Network Security - Introduction 4

  6. A brief history NETWORK SECURITY Eike Ritter Network Security - Lecture 1 5

  7. ‘60 Advanced Research Projects • Agency (ARPA) funds development of ARPANET • First four nodes in 1969 – UCLA (Vint Cerf, Steve Crocker, Jon Postel, Leonard Kleinrock) – SRI (Doug Engelbart) – UCSB (Glen Culler, Burton Fried) – University of Utah • Uses the Network Control Protocol (NCP) through Information Message Processors (IMP) http://www.computerhistory.org/internet_history/full_size_images/1969 _4-node_map.gif Eike Ritter Network Security - Lecture 1 6

  8. ‘70 • UNIX, C, Email, Telnet, FTP, TCP, Ethernet, USENET • More hosts join the ARPANET http://www.computerhistory.org/internet_history/full_size_images/1975 _net_map.gif Eike Ritter Network Security - Lecture 1 7

  9. ‘80 • Berkeley UNIX includes the TCP/IP suite (sockets) • ARPANET standardizes on TCP/IP (1983) • MILNET detaches from public network (ARPANET) • DNS http://www.computerhistory.org/internet_history/full_size_images/1988 _nsfnet_map.gif Eike Ritter Network Security - Lecture 1 8

  10. … up to now • Even more hosts attach to the Internet • 1991: the Web is born (Tim Berners-Lee at CERN) • The dot-com boom and bust http://opte.org/maps/ Eike Ritter Network Security - Lecture 1 9

  11. Vulnerabilities Source: http://web.nvd.nist.gov/view/vuln/statistics Eike Ritter Network Security - Lecture 1 10

  12. Incidents • Stats from cert.org/stats/ • “Incident reports received - Given the widespread use of automated attack tools, attacks […] have become so commonplace […] provide little information with regard to assessing the scope and impact of attacks. Therefore, we stopped providing this statistic at the end of 2003.” • So, we just gave up… Eike Ritter Network Security - Lecture 1 11

  13. Terminology • Vulnerability – A flaw or weakness in a system's implementation that could be exploited to violate the system's security policy • Exploits – An attack that leverages a vulnerability to violate a system’s security policy Eike Ritter Network Security - Lecture 1 12

  14. HACKING, HACKERS Eike Ritter Network Security - Lecture 1 13

  15. What is a hacker? • The term “hacker” was introduced at MIT in the 60s to describe “computer wizards” – “someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money.” (Brian Harvey, UC Berkeley, http://www.cs.berkeley.edu/~bh/hacker.html) • It has been eventually used to denote “malicious hackers” or “crackers”, that is, people that perform intrusions and misuse computer systems • More jargon: http://www.eps.mcgill.ca/jargon/jargon.html Eike Ritter Network Security - Lecture 1 14

  16. Phreaking • In 1971, John Draper learns that a toy whistle found in Cap’n Crunch cereal box emits sounds at 2600 Hz frequency • The 2600 frequency was used by AT&T to indicate that a trunk line was ready and available to route new call • Free long-distance calls (blue box)… • John Draper arrested in 1972 for toll fraud Eike Ritter Network Security - Lecture 1 15

  17. Early problems • Bob Metcalfe, “The Stockings Were Hung by the Chimney with Care”, RFC 602, December 1973 • “The ARPA Computer Network is susceptible to security violations for at least the three following reasons” – Sites used to physical limitations of access are not protected against unauthorized access (e.g., passwords which are easy to guess) – “The TIP allows access to the ARPANET to a much wider audience than is thought or intended.” – “There is a lingering affection for the challenge of breaking someone's system” Eike Ritter Network Security - Lecture 1 16

  18. The cuckoo’s egg • Cliff Stoll was a system administrator at LBL in 1986 • While investigating an accounting discrepancy, he discovers an account created without billing address • Further investigation reveals the presence of an intruder • Cliff Stoll decides to monitor the actions of the intruder instead of simply cutting him/her off (honeypot of sorts) Eike Ritter Network Security - Lecture 1 17

  19. The cuckoo’s egg – cont’d The vulnerability • – Emacs provided a utility ( movemail ) to allow users to change spool file ownership and move it – At LBL it was installed setuid root • The exploit – The attacker used movemail to copy his own script over the atrun utility, which is run periodically with system privileges • Consequences – Intruder gained root access – Used the system to probe military systems in the MILNET – Looked for potentially sensitive documents searching for keywords like “SDI” (Strategic Defense Initiative), “nuclear”, “norad” • Investigation – FBI involved – Conenctions traced back to Germany – In 1989 arrest of Markus Hess, who operated for the KGB Eike Ritter Network Security - Lecture 1 18

  20. The Morris Worm • On November 2, 1988, Robert T. Morris releases the Internet worm • A mistake in the propagation procedure leads to the overload of infected machines • Internet had to be “turned off” • RTM was sentenced to three years’ probation, a $10,000 fine, and 400 hours of community service • The Computer Emergency Response Team (CERT) was created Eike Ritter Network Security - Lecture 1 19

  21. The Morris Worm – cont’d • Worm: self-replicating program that spreads across a network of machines • Vulnerabilities & exploits – “Debug” function of sendmail , which enabled to send an email with a program as a recipient • Worm sent a message with body that created a C program which transferred the rest of the modules from the originating host, linked them, and executed them – fingerd stack-based buffer overflow – Weak passwords – Trusted hosts (~/.rhost) Eike Ritter Network Security - Lecture 1 20

  22. Kevin Mitnick • 1981: breaks into Pac Bell phone center. 1year probation. 1982: cracks Pacific • Telephone. 6 months of juvenile prison. 1987: breaks into SCO. 3 years • probation. • 1988: expelled from Pierce for computer misuse 1992: cracks into California • DMV • 1994: breaks into San Diego Supercomputer Center 1995: well-publicized arrest • (Shimomura and New York Time’s John Markoff) Eike Ritter Network Security - Lecture 1 21

  23. Kevin Mitnick – cont’d • Christmas 1994 attack against San Diego Supercomputer Center (SDSC) • Sophisticated TCP spoofing attack, which exploits the trust relationship between two hosts, x-terminal and server – x-terminal: diskless host – server: host providing boot images to x-terminal – x-terminal allows unauthenticated logins and commands from server • Exploit – DoS against server – Attacker spoofs server and injects command # rsh x-terminal "echo + + >>/.rhosts" Eike Ritter Network Security - Lecture 1 22

  24. Other famous incidents • Summer 2001: Code Red – Exploits buffer overflow in IIS – Defaces the vulnerable site to display: HELLO! Welcome to http://www.worm.com! Hacked By Chinese! • August 2003: Blaster worm – Exploits buffer overflow in DCOM RPC service of Windows and binds a command shell to port 4444 of the infected target – Transfers payload on compromised machine via TFTP – SYN floods windowsupdate.com (but not windowsupdate.microsoft.com) – Jeffrey Lee Parson, 18 year old, arrested Eike Ritter Network Security - Lecture 1 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

485 views • 27 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at

Intro Hardware Security Platform Security Hacking Q&A Security in Mobile Devices Hacking Mobiles for Fun and Profit Tobias Mueller Universit at Hamburg & Dublin City University 2010-12-16 1 / 54 Intro Hardware Security

974 views • 79 slides
Genome Hacking Yaniv Erlich @erlichya @erlichya 10/26/15 Yaniv Erlich Intro. Methodology The

Genome Hacking Yaniv Erlich @erlichya @erlichya 10/26/15 Yaniv Erlich Intro. Methodology The

Genome Hacking Yaniv Erlich @erlichya @erlichya 10/26/15 Yaniv Erlich Intro. Methodology The Venter case Anonymous datasets Summary We need to share genetic information Hereditary Spastic Joubert syndrome Hemifacial Paraparesis

555 views • 21 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It

ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It

ADD BoF Intro How we got here Old History Traditional DNS uses plaintext to port 53 It was always possible, but uncommon, to subvert that stub-resolver-auth resolution model Snowden revelations led to RFC7258 Encrypting DNS

346 views • 9 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
A Little Bit of History Sanja Fidler CSC420: Intro to Image Understanding 1 / 58 Flying Through

A Little Bit of History Sanja Fidler CSC420: Intro to Image Understanding 1 / 58 Flying Through

Recognition: A Little Bit of History Sanja Fidler CSC420: Intro to Image Understanding 1 / 58 Flying Through the History of Recognition We will do a quick fast-forward through the history of recognition For every type of approach, try to

1.03k views • 67 slides
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat 2011 Las Vegas, NV Presen sented ed b by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com Agenda O V E R V I E W

1.07k views • 72 slides
ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING TOOLKIT FREE, OPEN-SOURCE WHAT IS ZIGDIGGITY??? + = RaspBee radio + Raspberry Pi ZigDiggity - GitHub Code http://zigdiggity.com BISHOPFOX

617 views • 23 slides
INTRO: What is a MOOD BOARD? What is it? INTRO: Why are they Used? INTRO: Things to Consider

INTRO: What is a MOOD BOARD? What is it? INTRO: Why are they Used? INTRO: Things to Consider

INTRO: What is a MOOD BOARD? What is it? INTRO: Why are they Used? INTRO: Things to Consider INTRO: How to make it? What is it: physical or digital What is it: Scrapbooking What is it: collection of ingredients for a meal What is it: A

379 views • 20 slides
Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020 HACKING C# - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases. Blogger, public speaker. Author of .NET

481 views • 37 slides
Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi From Myself Associate Professor at UiO Teaching Ethical Hacking since 2012 Lecturer of the IN5290 Ethical Hacking at UiO Leader

878 views • 66 slides
11:00 AM to 7:00 PM Served 11 am - 8 pm General Tsos Chicken Sweet & Sour Tofu

11:00 AM to 7:00 PM Served 11 am - 8 pm General Tsos Chicken Sweet & Sour Tofu

11:00 AM to 7:00 PM Served 11 am - 8 pm General Tsos Chicken Sweet & Sour Tofu White Rice Vegetable Lo Mein Vegetable Egg Rolls 11:00 AM to 7:00 PM Served 11 am - 8 pm Seasoned Taco Beef Shredded Pork Carnitas

342 views • 7 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Experiences with High Performance Intrusion Detection in the HPC Environment Cray Users Group

Experiences with High Performance Intrusion Detection in the HPC Environment Cray Users Group

Experiences with High Performance Intrusion Detection in the HPC Environment Cray Users Group 2011 Presentation Jim Mellander Scott Campbell NERSC Agenda NERSC Description Operational Philosophy Science-Driven Cybersecurity

597 views • 23 slides
Protec'on, iden'ty, and trust Illustrated with Unix setuid

Protec'on, iden'ty, and trust Illustrated with Unix setuid

Protec'on, iden'ty, and trust Illustrated with Unix setuid Jeff Chase Duke University The need for access control Processes run programs on behalf of users. ( subjects )

1.02k views • 70 slides
LECTURE 2 Python Basics MODULES ''' Module fib.py ''' So, we just put together our first def

LECTURE 2 Python Basics MODULES ''' Module fib.py ''' So, we just put together our first def

LECTURE 2 Python Basics MODULES ''' Module fib.py ''' So, we just put together our first def even_fib (n): real Python program. Lets say we total = 0 store this program in a file called f1 , f2 = 1 , 2 while f1 < n : fib.py. if f1 % 2

523 views • 38 slides
Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages, and scripts. Weve already used some modules, now well learn what they are, how theyre orgainized in packages, and how to write Python

435 views • 12 slides
C for Java Programmers & Lab 0 Don Porter Portions courtesy Kevin Jeffay 1 COMP 530:

C for Java Programmers & Lab 0 Don Porter Portions courtesy Kevin Jeffay 1 COMP 530:

COMP 530: Operating Systems C for Java Programmers & Lab 0 Don Porter Portions courtesy Kevin Jeffay 1 COMP 530: Operating Systems Same Basic Syntax Data Types: int, char void - (untyped pointer) Can create other data types

661 views • 23 slides
Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan /

Secure Programming Laboratory 2: Shellshock and Race Condition SP Demonstrators: Arthur Chan / David Aspinall 13th February 2019 Orientation This is the second Laboratory Session for Secure Programming It is convened by Arthur and David. The

332 views • 14 slides

More recommend