network security fundamentals
play

Network Security Fundamentals Security Training Course Dr. Charles - PowerPoint PPT Presentation

Feb 24, 2024 •1.28k likes •1.68k views

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 3 Network Protocol Attacks Roadmap Network security The basic objectives: CIA

  1. Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013

  2. Network Security Fundamentals Module 3 Network Protocol Attacks

  3. Roadmap • Network security  The basic objectives: CIA  Vulnerabilities and defenses for layers 1 - 4 04/13 cja 2013 3

  4. Some notes • Focus on IPv4 and Ethernet  IP is the dominant network protocol  IPv6 not yet widely deployed  Ethernet is ubiquitous • The basic principles apply to other protocols and other media  As always, the devil is in the details… 04/13 cja 2013 4

  5. You are here… • Network security  The basic objectives: CIA  Vulnerabilities and defenses for layers 1 - 4 04/13 cja 2013 5

  6. Network Security: CIA • Confidentiality  No eavesdropping  No mis-directed traffic • Integrity  What’s received = What’s sent • Availability  The network should never go down  Networks should always be fast enough 04/13 cja 2013 6

  7. Availability: Layer 0 • Never forget the physical environment  Fire  Lightning  Flood  Power failures  Backhoe events  Vandalism  HVAC failure  Etc… 04/13 cja 2013 7

  8. You are here… • Network security  The basic objectives: CIA  Vulnerabilities and defenses for layers 1 - 4 04/13 cja 2013 8

  9. Layer 1 CIA issues • Confidentiality I  RF is almost always interceptable  Ex: the Pringles can antenna (Instructions)  Ex: 60 GHz point-to-point radio  Copper is sometimes tappable  Difficulty increases with frequency (to a point)  Equipment isn’t a commodity item  Fiber is hard to tap  Essentially no leakage radiation 04/13 cja 2013 9

  10. Layer 1 CIA issues • Confidentiality II  Electronics are the weak spot  Hubs simply rebroadcast what comes in  Many switches have an “ eavesdrop ” mode  Some switches have “ remote eavesdrop ” mode  Administrative access to equipment must be controlled  Physical access to equipment must be controlled 04/13 cja 2013 10

  11. Layer 1 CIA issues • Integrity  RF is subject to fading and interference  High noise => high BER (bit error rate)  Ex: AA to DBRN microwave link  Ex: RFID jamming (Instructions)  Cables are usually reliable but…  Attenuation leads to low S/N => high BER  Bad termination leads to reflections  Vendors usually get the electronics right 04/13 cja 2013 11

  12. Layer 1 CIA issues • Availability  Same issues as “ Layer 0 ”  Acts of [malevolent] deities  Acts of malevolent people  Acts of the merely ignorant… 04/13 cja 2013 12

  13. Example: Rogue CCS server • We detected a DDoS attack against a central campus CCS address • CCS had no machine at that IP address • ARP data gave us a MAC address • Switch in the Union said MAC address was in West Quad • Switch in West Quad said MAC address was in the Union 04/13 cja 2013 13

  14. Example: Rogue CCS server • On further investigation, we found:  New switch in comm closet in West Quad  Patched into fiber between Union and WQ  Rack-mounted server connected to the switch  Many GB of Warez, photos of unclad persons, music, movies, etc.  Examination of traffic logs found that it had been in service for ca. 6 months  The good news: no sniffer was running (we think…) 04/13 cja 2013 14

  15. Layer 2 vulnerabilities • Broadcast storms • ARP/CAM lifetime mismatch • ARP spoofing/Gateway spoofing • MAC spoofing/CAM flooding • VLAN hopping • Spanning Tree attacks • DHCP attacks 04/13 cja 2013 15

  16. Broadcast storms • A loop in a LAN can be created accidentally or deliberately • Broadcast messages travel around the loop at wire speed • => Entire LAN is flooded with broadcasts • Solutions:  Spanning tree to eliminate loops 04/13 cja 2013 16

  17. ARP/CAM lifetime mismatch • High-volume UDP stream inbound to valid IP • Target goes off-line but source keeps sending • Switch CAM table times out in 5 minutes, router ’ s ARP cache times out in 4 hours • => Switch floods traffic out all ports • Solutions:  Adjust CAM lifetime to match ARP (everywhere!)  Reduce ARP lifetime to match CAM  Can cause high router CPU load from excessive ARPing 04/13 cja 2013 17

  18. ARP/gateway spoofing • Good guy ARPs for default gateway • Bad guy replies faster than router • Bad guy sends gratuitous ARP to router • => Good guy ’ s external traffic all passes through Bad guy ’ s machine • Solutions:  Static ARP and ARP monitoring  “ Private VLANs ” (maybe) 04/13 cja 2013 18

  19. MAC spoofing/CAM flooding • Bad guy floods net with random bogus source MAC addresses (uni- or broadcast) • Switch CAM tables fill up and overflow • => All traffic gets flooded out all ports • Solutions:  Static CAM entries (sometimes)  Switch “ port security ” & broadcast control  SNMP trap on CAM overflow 04/13 cja 2013 19

  20. VLAN hopping I • Frames on trunks have 802.1q VLAN tags • Switches strip tags on incoming frames • Bad guy pretends to be switch and sets up trunking to his machine • => Bad guy has access to all VLANs • Solutions:  Turn off dynamic trunking protocol  Limit trunks to required VLANs only 04/13 cja 2013 20

  21. VLAN hopping II • Bad guy generates frames with multiple 802.1q headers (multiple encapsulation) • Switch only strips one header on ingress • => Bad guy can send to another VLAN • Solutions:  This only works if trunk “ native ” VLAN is a user VLAN, so use a dedicated native VLAN. 04/13 cja 2013 21

  22. Spanning tree attacks I • Bad guy sends lots of BPDU ’ s • => Switches keep recalculating, no traffic gets through • This also DoS ’ s the bad guy, unless he runs the attack remotely… 04/13 cja 2013 22

  23. Spanning tree attacks II • Bad guy sends BPDU with priority 0 • Switches make bad guy the root, or • Bad guy ’ s switch becomes the root • => Bad guy has access to VLAN traffic • => Traffic flow may be non-optimal (DoS) • Solutions:  Shut down access ports with incoming root BPDUs 04/13 cja 2013 23

  24. DHCP attacks • Bad guy floods net with DHCP requests • => DHCP server runs out of addresses • Bad guy runs rogue DHCP server • => Users get bogus addresses, or • => Users use Bad guy as default gateway 04/13 cja 2013 24

  25. Layer 3/4 vulnerabilities • IP spoofing • Ping of Death and other buffer overflows • Smurfing • Zombies & Bots • ICMP/UDP flooding • TCP SYN flooding • Random target scans • Routing table attacks 04/13 cja 2013 25

  26. IP Spoofing • Source address of IP traffic may not be the “ real ” address of the sender  Some machine do have multiple addresses… • Often used with other forms of attack to mask the true location of the attacker • Local spoofing mitigated by router ingress ACLs on all LANs and/or RPF checks • Remote spoofing can be hard to stop… 04/13 cja 2013 26

  27. Packets of Death, etc. • Cisco IOS crashes when ICMP packets are received with certain options set • Solaris crashes when SMTP traffic arrives with a multicast source IP address • Other buffer overflows can push random info (or crafted code) on CPU stack  Modern buffer overflows usually designed to cause compromise rather than death 04/13 cja 2013 27

  28. Smurfing • Send traffic to LAN directed broadcast address (with spoofed source address) • => All machines on LAN reply to the target • Solution:  Turn off directed-broadcast forwarding  Newer exploit - Use a bot to send local broadcasts with a spoofed source address 04/13 cja 2013 28

  29. DNS Multiplication • Build bogus domain with large TXT records • Send requests with spoofed source address to DNS servers with open recursion turned on • All servers reply to the target; large records => fragmentation => hard to filter • Solution:  Fix everyone else ’ s DNS servers…  Turn off open recursion 04/13 cja 2013 29

  30. Zombies and Bots • Use worms/viruses to install remote control software in many machines  Typically communicating via rendezvous  Commands may be embedded in ICMP, etc. • Add a few layers of indirection between the controller and the distribution medium • Result: millions of machines waiting to be told who, how and when to attack. • More on this later … 04/13 cja 2013 30

  31. ICMP/UDP Flooding • Bombard the target with a one-way stream • Can be a single source • Can be multiple sources • Can be run from a bot net • Often use fragmented packets  Harder to filter as frags have no port info • Solution:  Monitor traffic for high-volume flows 04/13 cja 2013 31

  32. TCP SYN flooding • TCP ’ s three-way handshake:  A: SYN -> B (I ’ d like to talk)  B: SYN-ACK -> A (I ’ m willing to talk)  A: ACK -> B (OK, let ’ s talk!) • TCP half-ack:  A: SYN -> B (I ’ d like to talk)  B: SYN-ACK -> A (I ’ m willing to talk)  A: [silence] (Are we talking?) • Solution  Limit # buffers in half-open state 04/13 cja 2013 32

  33. Random target scans • If destination is unknown, router must ARP  => Worm causes router CPU meltdown • If destinations are in multicast space then MSDP entry is needed for each source  => Worm causes router CPU meltdown • Networks come on/off line due to attack  => Routing table thrashing causes CPU meltdown 04/13 cja 2013 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 7 Intrusion Detection Topics Fundamentals Network IDS Snort Host-based IDS

1.03k views • 72 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case study: Linux iptables

778 views • 46 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 8 Scanning Topics Scanning fundamentals Nessus installation & examination 04/13

235 views • 21 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 9 Linux Security & Logging Linux Security Real-World Linux Security RHEL

739 views • 41 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength & Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 5 Viruses & Worms, Botnets, Todays Threats Viruses & Worms Viruses Program

693 views • 31 slides
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define Access Controls List the four Access Control Models Describe logical Access Control Methods Explain the

128 views • 8 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Installing the Lab Environment Virtual Lab Environment Student-supplied hosts IA32-compatible The more CPU(s) and

261 views • 8 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Introduction Introduction Welcome to the course! Instructor: Dr. Charles J. Antonelli

209 views • 10 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A

Fundamentals of Computer Security Spring 2015 Radu Sion Intro Encryption Hash Functions A Message From Our Sponsors Computer Security Fundamentals Fundamentals System/Network Security, crypto How do things work Why How to

824 views • 26 slides
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used Describe the components of

569 views • 7 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

881 views • 51 slides
Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security: Private Communication in a Public World [Chap. 2-8] Charles Kaufman, Mike Speciner, Radia

697 views • 59 slides
IP and ARP Security, Earlence Fernandes UW Madison CS 642 1 Todays agenda IP Spoofing

IP and ARP Security, Earlence Fernandes UW Madison CS 642 1 Todays agenda IP Spoofing

IP and ARP Security, Earlence Fernandes UW Madison CS 642 1 Todays agenda IP Spoofing Denial of Service attack (DoS) Distributed DoS (DoS) Source address validation Link layer security Address resolution protocol (ARP)

1.72k views • 35 slides
Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order):

Multi6 Threats draft-nordmark-multi6-threats-00.txt Design Team Members (alphabetical order): Iljitsch van Beijnum, Steve Bellovin, Brian Carpenter, Mike O'Dell, Sean Doran, Dave Katz, Tony Li, Erik Nordmark, and Pekka Savola Why? Allowing

612 views • 11 slides
1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

Where in the stack is security? Attacks can be targeted at any layer of the 16: protocol stack Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows?

1.15k views • 9 slides
Findings Port Security is ineffective at preventing 3 different MAC Spoofing attacks in

Findings Port Security is ineffective at preventing 3 different MAC Spoofing attacks in

M EDIA A CCESS C ONTROL (MAC) A DDRESS S POOFING A TTACKS AGAINST P ORT S ECURITY Andrew Buhr, Dale Lindskog, Pavol Zavarsky, Ron Ruhl Concordia University College of Alberta Findings Port Security is ineffective at preventing 3 different

455 views • 24 slides
IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm -

IoT Security in Action! Julien Vermillard , Sierra Wireless @vrmvrm - jvermillard@sierrawireless.com EclipseCON EU 2016 Introduction Managing connected devices Why it is simple to exploit non-secured systems How simple to have the minimum

1.14k views • 39 slides
New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto

New developments on BREACH Dimitris Karakostas, Dionysis Zindros Stanford, Real World Crypto 2016 Overview BREACH review Our contributions Statistical attacks Attacking block ciphers Attacking noise Optimization

477 views • 33 slides
The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 ,

The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 ,

The Dark Side of Operational Wi-Fi Calling Services Tian Xie 1 , Guan-Hua Tu 1 , Chi-Yu Li 2 , Chunyi Peng, Mi Zhang 1 1 Michigan State University 2 National Chiao Tung University 3 Purdue University Wi-Fi Calling Services Wi-Fi Calling

621 views • 31 slides
A Strategy for Security Testing Industrial Firewalls Thuy D. Nguyen Steve C. Austin Cynthia E.

A Strategy for Security Testing Industrial Firewalls Thuy D. Nguyen Steve C. Austin Cynthia E.

A Strategy for Security Testing Industrial Firewalls Thuy D. Nguyen Steve C. Austin Cynthia E. Irvine Department of Computer Science Naval Postgraduate School December 10, 2019 Nguyen, Austin, Irvine (NPS) Security Testing ICS Firewalls 1

643 views • 35 slides

More recommend