network security today
play

Network Security Today Robin Sommer International Computer Science - PowerPoint PPT Presentation

Jun 10, 2023 •256 likes •547 views

Network Security Today Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin Security at the CyberBorder February 2012, Indiana University

  1. Network Security Today Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin Security at the CyberBorder February 2012, Indiana University Security at the CyberBorder

  2. Outline Part 1: Today’s Network Threats. Part 2: Defender Strategies. 2 Security at the CyberBorder

  3. The Old Days ... 1300M Conficker.B Border Traffic Lawrence Berkeley National Lab Conficker.A Santy 1000M Mydoom.O Sasser #connections/month 800M Total connections Sobig.F Successful connections Welchia 600M Attempted connections Blaster 400M Slapper Nimda 200M CodeRed2 CodeRed 0M 1994 1996 1998 2000 2002 2004 2006 2008 Data: Lawrence Berkeley National Lab 3 Security at the CyberBorder

  4. Part 1: Today’s Threats Trend 1: Commercialization of Attacks Trend 2: Highly Targeted Attacks Trend 3: Insider Attacks 4 Security at the CyberBorder

  5. Trend 1: Commercialization of Attacks Attacks aimed at making a profit. Selling (illegal) goods and services. Exfiltrate information. Thriving underground economy. Empowered by virtually endless supply of “bots”. Everything is on sale (“crime-as-a-service”). 5 Security at the CyberBorder

  6. “Pay Per Install” Services 6 Security at the CyberBorder

  7. Crime Economics Accelerated arms race. Bear race. Innovative, fast moving attackers. If attack pays, it’s good enough. 7 Security at the CyberBorder

  8. Trend 2: Highly Targeted Attacks High-skill / high-resource attacks. Targeting you. Extremely hard to defend against. Attribution virtually impossible. Typical Instances “Advanced Persistent Threats”. Activist hacking. 8 Security at the CyberBorder

  9. Targeted Attacks: APTs Advanced Persistent Threat (APT). MANDIANT defines the APT as a group of sophisticated, determined and coordinated attackers that have been systematically Source: RSA compromising U.S. government and commercial computer networks for years. The vast majority of Source: MANDIANT 9 Security at the CyberBorder

  10. Targeted Attacks: APTs (2) EXPLOITATION LIFE CYCLE APT MALWARE COMMUNICATION STEP 1 100% of APT backdoors made only outbound connections Reconnaissance Used another STEP 2 port 17% Initial Intrusion into the Network STEP 3 Establish a Backdoor into the Network Used TCP port 80 or 443 83% STEP 4 Obtain User Credentials STEP 5 Install Various Utilities In no instance was any APT malware written or configured to listen for STEP 6 Privilege Escalation / Lateral Movement / Data Exfiltration inbound connections. STEP 7 Maintain Persistence Source: MANDIANT 10 Security at the CyberBorder

  11. Targeted Attacks: Activist Hacking Source: Wikipedia 11 Security at the CyberBorder

  12. Defender Strategies 12 Security at the CyberBorder

  13. Challenges Varying threat models. No ring rules them all. Semantic complexity. The action is really at the application-layer. Volume and variability. Network traffic is an enormous haystack. Legal and ethical frameworks. Not everything you can do, you may. 13 Security at the CyberBorder

  14. Defender Strategies Creating visibility. Instrument the network comprehensively. Analyze semantics. Not bytes. Share intelligence. “The good guys share, too!” Active response. Blacklist, or whitelist, what you know. 14 Security at the CyberBorder

  15. Creating Visibility with Bro > bro -i en0 [ ... wait ...] > cat conn.log #fields ts id.orig_h id.orig_p id.resp_h id.resp_p proto service duration 1144876741.1198 192.150.186.169 53115 82.94.237.218 80 tcp http 16.14929 1144876612.6063 192.150.186.169 53090 198.189.255.82 80 tcp http 4.437460 1144876596.5597 192.150.186.169 53051 193.203.227.129 80 tcp http 0.372440 #fields ts id.orig_h id.orig_p [...] host uri status_code user_agent [...] 1144876606.7789 192.150.186.169 53082 198.189.255.73 80 tcp http 0.597711 1144876741.4693 192.150.186.169 53116 82.94.237.218 80 tcp http 16.02667 1144876741.6335 192.150.186.169 53116 docs.python.org /lib/lib.css 200 Mozilla/5.0 1144876745.6102 192.150.186.169 53117 66.102.7.99 80 tcp http 1.004346 1144876742.1687 192.150.186.169 53116 docs.python.org /icons/previous.png 304 Mozilla/5.0 1144876605.6847 192.150.186.169 53075 207.151.118.143 80 tcp http 0.029663 1144876741.2838 192.150.186.169 53115 docs.python.org /lib/lib.html 200 Mozilla/5.0 > cat http.log 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/up.png 304 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/next.png 304 Mozilla/5.0 #fields ts id.orig_h id.orig_p [...] host uri status_code user_agent [...] 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/contents.png 304 Mozilla/5.0 1144876741.6335 192.150.186.169 53116 docs.python.org /lib/lib.css 200 Mozilla/5.0 1144876742.1687 192.150.186.169 53116 docs.python.org /icons/previous.png 304 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/modules.png 304 Mozilla/5.0 1144876741.2838 192.150.186.169 53115 docs.python.org /lib/lib.html 200 Mozilla/5.0 1144876742.3338 192.150.186.169 53116 docs.python.org /icons/index.png 304 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/up.png 304 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/next.png 304 Mozilla/5.0 1144876745.6144 192.150.186.169 53117 www.google.com / 200 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/contents.png 304 Mozilla/5.0 1144876742.3337 192.150.186.169 53116 docs.python.org /icons/modules.png 304 Mozilla/5.0 1144876742.3338 192.150.186.169 53116 docs.python.org /icons/index.png 304 Mozilla/5.0 1144876745.6144 192.150.186.169 53117 www.google.com / 200 Mozilla/5.0 15 Security at the CyberBorder

  16. Creating Visibility: Encryption “Auditing SSHD” STUNNEL' SSLOGMUX' PARENT' SSHD' BROPIPE' CHILD' SSHD' Source: Scott Campbell / NERSC 16 Security at the CyberBorder

  17. NERSC Computer Use Policies Form Monitoring and Privacy Users have no explicit or implicit expectation of privacy. NERSC retains the right to monitor the content of all activities on NERSC systems and networks and access any computer files without prior knowledge or consent of users, senders or recipients. NERSC may retain copies of any network traffic, computer files or messages indefinitely without prior knowledge or consent. 17 Security at the CyberBorder

  18. The Security Fence . Cartoon Courtesy Clay Bennett / The Christian Science Monitor 18 Security at the CyberBorder

  19. Analyzing Semantics Internal Tap 10GE Internet Network IDS Example: Finding downloads of known malware. 1. Find and parse all Web traffic. 2. Find and extract binaries. 3. Compute hash and compare with database. 4. Report, and potentially kill, if found. 19 Security at the CyberBorder

  20. Port-independent Application Analysis Bro’s Dynamic Protocol Detection Web Request for /virus.exe Web Client Server 5.6.7.8/5555 1.2.3.4/4321 If it parses Method Path Version Header right HTTP HTTP GET /virus.exe HTTP/1.1\nServer: ... Analysis ??? Not SSH Version SSH SSH-<n>.<m>- 20 Security at the CyberBorder

  21. Identifying HTTP Servers Server Addresses HTTP Host Headers a198-189-255-200.deploy.akamaitechnolgies.com ad.doubleclick.net a198-189-255-216.deploy.akamaitechnolgies.com ad.yieldmanager.com a198-189-255-217.deploy.akamaitechnolgies.com b.scorecardresearch.com a198-189-255-230.deploy.akamaitechnolgies.com clients1.google.com a198-189-255-225.deploy.akamaitechnolgies.com googleads.g.doubleclick.net a198-189-255-206.deploy.akamaitechnolgies.com graphics8.nytimes.com a198-189-255-201.deploy.akamaitechnolgies.com l.yimg.com a198-189-255-223.deploy.akamaitechnolgies.com liveupdate.symantecliveupdate.com 72.21.91.19 mt0.google.com a198-189-255-208.deploy.akamaitechnolgies.com pixel.quantserve.com a198-189-255-207.deploy.akamaitechnolgies.com platform.twitter.com nuq04s07-in-f27.1e100.net profile.ak.fbcdn.net a184-28-157-55.deploy.akamaitechnologies.com s0.2mdn.net a198-189-255-224.deploy.akamaitechnolgies.com safebrowsing-cache.google.com a198-189-255-209.deploy.akamaitechnolgies.com static.ak.fbcdn.net a198-189-255-222.deploy.akamaitechnolgies.com swcdn.apple.com a198-189-255-214.deploy.akamaitechnolgies.com upload.wikimedia.org nuq04s06-in-f27.1e100.net www.facebook.com upload-lb.pmtpa.wikimedia.org www.google-analytics.com nuq04s08-in-f27.1e100.net www.google.com 21 Security at the CyberBorder

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today

WiF iFi security UW Madison CS 642 1 Announcements HW 3 (network security) out today Due April 2 nd Online classes going forward Testing out BBCollaborate Ultra today Recordings should be available Might use different

1.19k views • 27 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #24 Nov 29 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Project #2 is due today (please

317 views • 29 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #22 Nov 11 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Proj #2 Due week from today Following Thurs is

485 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #14 Oct 18 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 back today Well go over some points before we

686 views • 46 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #18 Oct 28 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Quiz #3 Thurs, Nov 4 th A week from today How to

695 views • 50 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #12 Oct 6 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Project #0 assigned today Due Oct 18 th in class

718 views • 33 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for

799 views • 34 slides
Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

1/24/2012 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Network Security Lecture 5 Eike Ritter Network

281 views • 7 slides
CS 598: Network Security Matthew Caesar January 17, 2013 1 Today: Security of the Physical

CS 598: Network Security Matthew Caesar January 17, 2013 1 Today: Security of the Physical

Lecture 2: Physical Layer Security CS 598: Network Security Matthew Caesar January 17, 2013 1 Today: Security of the Physical Layer Networks are made up of devices and communication links Devices and links can be physically

1.01k views • 69 slides
Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

M EET S CIENCE OF S ECURITY Adam Tagert Ph.D. actager@tycho.ncsc.mil Science of Security &amp; Privacy Technical Director National Security Agency Introduction What is the Problem What is Science? 3 Themes Research Focus Areas

955 views • 57 slides
Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying

Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying

Towards Automated Safety Vetting of PLC Code in Real-World Plants Mu Zhang , Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi , Sibin Mohan, Kira Barton, James Moyne and Z. Morley Mao

775 views • 22 slides
Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 ,

Multi-Key Homomorphic Signatures Unforgeable under Insider Corruption Russell W. F. Lai 1,2 , Raymond K. H. Tai 2 , Harry W. H. Wong 2 , Sherman S. M. Chow 2 1 Friedrich-Alexander University Erlangen-Nuremberg 2 Chinese University of Hong Kong

618 views • 59 slides
Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman,

Towards Detecting Stealthy Attacks in Power Grid using Deep Learning Mohammad Ashrafuzzaman, Yacine Chakhchoukh and Frederick T. Sheldon Departments of Computer Science and Electrical &amp; Computer Engineering, University of Idaho, Moscow

425 views • 20 slides
MGS696 - Tech Consulting for Social Impact Develop a system using Salesforce for a local non

MGS696 - Tech Consulting for Social Impact Develop a system using Salesforce for a local non

MGS696 - Tech Consulting for Social Impact Develop a system using Salesforce for a local non profit Learn to be a consultant Undergrads &amp; Grads welcomed! Talk to Alex after class Risk Management BY Y ALE LEXANDER BIT BITAR

415 views • 24 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of Cryptography Prof. Nadim Kobeissi 1.8a Electronic Voting 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Properties of an

879 views • 20 slides
Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c {ton.vandeursen, sasa.radomirovic}@uni.lu University of Luxembourg Financial support received from the Fonds National de la Recherche (Luxembourg) Ton van Deursen

144 views • 12 slides
1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to

1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to

Undermount Slides 1A68 SIMPLEX Specifications Silent Soft-Closing Undermount Slide (16mm) Length: 250mm to 600mm Travel: Full Extension Maximum Drawer Side Thickness: 16mm Max. Load Capacity: 45 kg(100 lb)/pair Mount:

285 views • 4 slides

More recommend