lecture 13 network security
play

Lecture 13 - Network Security CSE497b - Spring 2007 Introduction - PowerPoint PPT Presentation

Feb 08, 2024 •162 likes •397 views

Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  1. Lecture 13 - Network Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. Exploiting the network ... • The Internet is extremely vulnerable to attack – it is a huge open system ... – which adheres to the end-to-end principle • smart end-points, dumb network • Can you think of any large-scale attacks that would be enabled by this setup? 2 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  3. Malware • Malware - software that exhibits malicious behavior (typically manifest on user system) – virus - self-replicating code, typically transferring by shared media, filesystems, email, etc. – worm - self propagating program that travels over the network • The behaviors are as wide ranging as imagination – backdoor - hidden entry point into system that allows quick access to elevated privileges – rootkit - system replacement that hides adversary behavior – key logger - program that monitors, records, and potentially transmits keyboard input to adversary – trojan - malicious software disguised as legitimate program 3 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  4. Worms • A worm is a self-propagating program. • As relevant to this discussion 1. Exploits some vulnerability on a target host … 2. (often) embeds itself into a host … 3. Searches for other vulnerable hosts … 4. Goto (1) • Q: Why do we care? 4 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  5. The Danger • What makes worms so dangerous is that infection grows at an exponential rate – A simple model: • s (search) is the time it takes to find vulnerable host • i (infect) is the time is take to infect a host – Assume that t=0 is the worm outbreak , the number of hosts at t=j is 2 (j/(s+i)) – For example, if (s+i = 1), what is it at time t=32? 5 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  6. The result 5,000,000,000 4,500,000,000 4,000,000,000 3,500,000,000 3,000,000,000 2,500,000,000 2,000,000,000 “point of criticality” 1,500,000,000 1,000,000,000 500,000,000 0 6 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  7. The Morris Worm • Robert Morris, a 23 year old doctoral student from Cornell – Wrote a small (99 line) program – November 3rd, 1988 – Simply disabled the Internet • How it did it – Reads /etc/password, they tries the obvious choices and dictionary, /usr/dict words – Used local /etc/hosts.equiv, .rhosts, .forward to identify hosts that are related • Tries cracked passwords at related hosts (if necessary) • Uses whatever services are available to compromise other hosts – Scanned local interfaces for network information – Covered its tracks (set is own process name to sh, 7 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page prevented accurate cores, re-forked itself)

  8. Code Red • Anatomy of a worm: Maiffret (good reading) • Exploited a Microsoft IIS web-server vulnerability – A vanilla buffer overflow (allows adversary to run code) – Scans for vulnerabilities over random IP addresses – Sometimes would deface the served website • July 16th, 2001 - outbreak – CRv1- contained bad randomness (fixed IPs searched) – CRv2 - fixed the randomness, • added DDOS of www.whitehouse.gov • Turned itself off and on (on 1st and 16th of month) – August 4 - Code Red II • Different code base, same exploit • Added local scanning (biased randomness to local IPs) 8 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page • Killed itself in October of 2001

  9. Worms and infection • The effectiveness of a worm is determined by how good it is at identifying vulnerable machines – Morris used local information at the host – Code Red used what? • Multi-vector worms use lots of ways to infect – E.g., network, DFS partitions, email, drive by downloads … – Another worm, Nimda did this • Lots of scanning strategies – Signpost scanning (using local information, e.g., Morris) – Random IP - good, but waste a lot of time scanning dark or unreachable addresses (e.g., Code Red) – Local scanning - biased randomness – Permutation scanning - instance is given part of IP space 9 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  10. Other scanning strategies • Hit-list scanning – Setup - use “low and slow” scanning to determine which hosts are vulnerable (i.e., create a hit list ) – Start the worm, passing the list of vulnerable hosts, reduce/ device the list at each host – Gets past the slow start part, gets right into the exponential – Essentially removes the window to stop worm 5,000,000,000 4,500,000,000 4,000,000,000 3,500,000,000 3,000,000,000 2,500,000,000 2,000,000,000 1,500,000,000 1,000,000,000 500,000,000 0 10 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  11. Other scanning strategies • The doomsday worm: a flash worm – Create a hit list of all vulnerable hosts • Staniford et al. argue this is feasible • Would contain a 48MB list – Do the infect and split approach – Use a zero-day vulnerability • Result: saturate the Internet is less than 30 seconds ! 11 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  12. Parasitic worm ... • Insight: most worm mitigation strategies are based on the detection of attack as it occurs • What if a program was smart enough to find new vulnerabilities on its own? – It could periodically change its infection strategy ( mutate ) – Then forget old attack vectors – Each mutation requires new detection mechanisms Result : basically unstoppable, “point 1e+06 100000 of criticality” reached only after a few 10000 Attacks per Round mutations [Butler ‘05] 1000 0% mutation prob 2% mutation prob 3% mutation prob 5% mutation prob 100 10% mutation prob 10 1 0.1 0 100 200 300 400 500 Time (in rounds) 12 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  13. Worms: Defense Strategies • (Auto) patch your systems: most, if not all, large worm outbreaks have exploited known vulnerabilities (with patches) • Heterogeneity: use more than one vendor for your networks • Shield (Ross): provides filtering for known vulnerabilities, such that they are protected immediately (analog to virus scanning) Network Shield Traffic Network Interface Operating System • Filtering: look for unnecessary or unusual communication patterns, then drop them on the floor – This is the dominant method, getting sophisticated (Arbor Networks) 13 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  14. Advanced Methods • Quarantine - how do stop it once it is out? – Internet Quarantine: Requirements for Containing Self-Propagating Code . David Moore, Colleen Shannon, Geoffrey M. Voelker, Stefan Savage • Assume you have a LAN/WAN environment – We have already talked about how to prevent – Q1: How do you recognize a worm? – Q2: How do you stop a worm? • Much work in this area ... – number of new addresses contacted – number of incomplete IP handshakes – number of connections to new local hosts (COI?) 14 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  15. Denial of Service • Intentional prevention of access to valued resource – CPU, memory, disk (system resources) – DNS, print queues, NIS (services) – Web server, database, media server (applications) • This is an attack on availability ( fidelity ) • Note : launching DOS attacks is easy • Note : preventing DOS attacks is hard – Mitigate the path most frequently traveled 15 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  16. D/DOS (generalized by Mirkovic) • Send a stream of packets/requests/whatever … – many PINGS, HTML requests, ... • Send a few malformed packets – causing failures or expensive error handling – low-rate packet dropping (TCP congestion control) – “ping of death” • Abuse legitimate access – Compromise service/host – Use its legitimate access rights to consume the rights for domain (e.g., local network) – E.g., someone runs a recursive file operation on root of NFS partition 16 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  17. SMURF Attacks • This is one of the deadliest and simplest of the DOS attacks (called a naturally amplified attack) – Send a large number of PING packets on the broadcast IP addresses (e.g., 192.168.27.254) – Set the source packet IP address to be your victim – All hosts will reflexively respond to the ping at your victim – … and it will be crushed under the load. – Fraggle: UDP based SMURF Host Host Host Host Host adversary Broadcast victim Host Host Host Host 17 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP

TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP

TCP/IP: TCP Network Security Lecture 7 Eike Ritter Network Security - Lecture 7 1 TCP spoofing Alice trusts Bob (e.g., logins on Alice are allowed with no password if TCP connection comes from host Bob) Mallory wants to impersonate

923 views • 17 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions

TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions

TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2 Any questions on Administrativia, organizational matters? Historical/cultural overview? Eike Ritter Network Security - Lecture 2 1 Today PGP in 6

431 views • 42 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #9 Sep 22 nd 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Midterm #1, next class (Tues, Sept 27 th ) All lecture

739 views • 40 slides
CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang xwy@cs.duke.edu Overview Why studying network security? The topic itself is worth another class Basic cryptography building blocks

768 views • 49 slides
CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices

CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices

Lecture 4: Device Security and Router Mechanisms CS 598: Network Security Matthew Caesar February 7, 2011 1 This lecture Network devices Their internals and how they work Network connections How to plug devices together 2

1.41k views • 119 slides
Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security

Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security

Network provider Security Markus Peuhkuri 2005-04-28 Lecture topics Basics of security Security threats Regulators and ISP security Some headlines Davie-Besse nuclear reactor control network

482 views • 17 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014 Outline Network security characteristics and threats Denial of service attacks Traffic control mechanisms Firewalls

797 views • 67 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa -

Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa -

Introduction Advantages Skype Supernodes Botnet Our Model Features Communication protocol Experiments Limitations Countermeasures Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype Antonio Nappa - Universit`

483 views • 16 slides
The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31

The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31

The Symbol Grounding Problem Qi Huang Department of Computer Science February 3, 2020 1 / 31 Table of Contents Introduction Symbol System The Symbol Grounding Problem Hybrid symbol grounding system Conclusion & Discussion 2 / 31

421 views • 31 slides
FIT: Fill Insertion considering Timing Bentian Jiang, Xiaopeng Zhang, Ran Chen, Gengjie Chen,

FIT: Fill Insertion considering Timing Bentian Jiang, Xiaopeng Zhang, Ran Chen, Gengjie Chen,

FIT: Fill Insertion considering Timing Bentian Jiang, Xiaopeng Zhang, Ran Chen, Gengjie Chen, Peishan Tu, Wei Li, Evangeline F. Y. Young and Bei Yu CSE Department, The Chinese University of Hong Kong June. 6, 2019 Outline Introduction

605 views • 23 slides
The shifted box scheme for scalar transport problems Bertil Gustafsson Uppsala University and

The shifted box scheme for scalar transport problems Bertil Gustafsson Uppsala University and

The shifted box scheme for scalar transport problems Bertil Gustafsson Uppsala University and Stanford University Joint work with: Yaser Khalighi, Stanford .

1.12k views • 43 slides
CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 8 Malicious Code Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive, insider/outsider

638 views • 16 slides
Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY Elements of

662 views • 49 slides
Agenda 9.00 - 9.15: APNIC Presentation 9.15 10.30: Danny McPherson 10.30 -11.00:

Agenda 9.00 - 9.15: APNIC Presentation 9.15 10.30: Danny McPherson 10.30 -11.00:

Network Security: The Principles of Threats, Attacks and Intrusions APRICOT Tutorial Perth Australia 28 February, 2006 Danny McPherson, Arbor Networks Ray Hunt, Associate Professor University of Canterbury, New Zealand 1 Agenda 9.00 -

959 views • 52 slides
Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1

Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1

29.09.2016 Research on attitudes to veterinary medicines Online survey among European citizens July 2016 1 Awareness: Farm animals are vaccinated to prevent them becoming sick. n = 1000 n = 6013 11% 12% 15% 17% 71% 74% Yes, I am aware

223 views • 21 slides

More recommend