operational practices
play

Operational Practices Internet Security [1] VU Engin Kirda - PowerPoint PPT Presentation

May 11, 2023 •198 likes •599 views

Operational Practices Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Admin Issues and News Reminder: Exam on the 28th, registration required You will only be allowed to take

  1. Operational Practices Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at

  2. Admin Issues and News • Reminder: Exam on the 28th, registration required – You will only be allowed to take the exam if your account has not been suspended (login and find out) and any open issues have been resolved. Further exam next semester, in urgent cases, contact us (oral exam possible any time) • TUWIS Bewertungsform (do give us feedback) • CTF last Friday (no, we did not take part as claimed ;-)) – http://www.heise.de/newsticker/meldung/60443 – http://futurezone.orf.at/futurezone.orf?read=detail&id=268141 – We will take part next semester Internet Security 1 2

  3. Outline • Basic Steps • Basic Steps • Wrappers • Wrappers • Firewalls • Firewalls – General Overview – Packet Filter, Stateful-Inspection • iptables – Circuit-Level Gateway, Application Gateway • Intrusion Detection (ID) and ID Systems • Basic Wireless Security Internet Security 1 3

  4. Basic Steps in Protecting Yourself • Update your computer(s): – Windows: Windows Update – Linux: apt-get (Debian), yum (Fedora), urpmi (Mandrake) • Updating will “protect” you against buffer overflows, viruses, worms, etc. • Use anti-spyware programs – e.g., AdAware, Spybot, Hijackthis Internet Security 1 4

  5. TCP Wrappers allow host based access control on connections • tcpd replaces daemons from inetd • listens at ports, accepts connections • checks hosts.allow and hosts.deny • allows – log connection – perform double reverse lookups (prevent DNS/spoofing attacks) Internet Security 1 5

  6. Firewall • Local network is trusted • “Outside” is potentially malicious • Unprotected network – security is implemented on each host – single vulnerable host would violate whole network security – administrative nightmare • Protected network – place barrier at the borders of trusted, inside network – barrier provides access control – helps with system monitoring and simplifies management � such a barrier is called firewall Internet Security 1 6

  7. Firewall • Not the ultimate solution – cannot deal satisfactorily with content – vulnerable to inside attacks and covert channels – potential performance bottlenecks – when compromised, network is unprotected • Security Strategies – least privilege • only permissions that are necessary should be granted – defense in depth • additional security installations should be present – controlled access – fail-safe • a failing firewall may not reduce security Internet Security 1 7

  8. Filtering Routers • Filtering Routers route packets between internal and external hosts – do it selectively – perform filtering • allow or block certain types of packets • Screening procedure is based on – Protocol (whether the packet is a TCP, UDP, or ICMP packet) – IP source/destination address – TCP or UDP source/destination port – TCP flags – ICMP message type – interfaces where packets are arriving and leaving Internet Security 1 8

  9. Filtering Rules • specify the filtering that is used • Each rules specifies – action (allow, deny) – source address/port pattern – destination address/port pattern – presence or absence of flags • When a packet is received the rules are applied in an ordered sequence – if a rule matches the corresponding action is taken – if no rule matches, a default action is taken Internet Security 1 9

  10. Packet Filter • Old ones might be vulnerable to spoofing • Fragmented Datagrams – discarded when not enough information to apply filter – when first fragment contains enough information, remaining ones are passed unchecked – potential vulnerability • first fragment with innocent values • other fragments with non-zero offset rewrite these values with malicious ones • reassembled fragment is delivered to protected service Internet Security 1 10

  11. Filtering UDP Datagrams • Not possible without keeping state • impossible to associate a UDP reply to a UDP request, e.g. – internal host sends UDP datagram to remote host (localhost,localport,remotehost,remoteport) – remote host sends back a udp reply (remotehost,remoteport,localhost,localport) • so usually UDP traffic is blocked in stateless firewalls • Solution: Dynamic Filtering – filtering router remembers outgoing UDP packets – creates a temporary rule that lets reply packets pass Internet Security 1 11

  12. Packet Filter • Advantages – easy to implement (relies on existing hardware) – good performance • Limits – limited auditing – difficult to configure – not very flexible, extensible • Linux and Windows – iptables , ipchains, Windows XP SP2 Internet Security 1 12

  13. iptables • iptables is used to set up, maintain, and inspect the IP firewall rules in the Linux kernel • Rules are organized in “chains” (i.e, ordered lists) – chains can be associated with different phases in the datagram handling process • input, output and forward chain – iptables supports user-specified chains • allow to “jump” to a chain of rules in case of a match Internet Security 1 13

  14. Stateful Inspection • acts as a packet filter • but accesses higher-level protocol information – check also content of packet / deny on match (e.g. virus) – allows to track sessions (e.g. ftp, http) – virtual sessions for connection-less protocols (e.g. UDP) • firewall stores ports used in a particular UDP transaction • temporarily creates an exception to let the answer pass through • Checkpoint firewall Internet Security 1 14

  15. Gateway • A gateway is a host with two (or more) network interfaces – (usually) operating system is configured so that IP forwarding is disabled – Traffic can pass across the gateway only if there is an application that explicitly operates the transfer (proxy) • Proxy Service – application that acts as an intermediary between client within the protected network and server in the outside world and vice versa – when a client requests a connection to the outside, it actually connects to the proxy – proxy examines the connection request with respect to security policy – and possibly opens the actual connection to the server on behalf of the client Internet Security 1 15

  16. Circuit-Level Gateway • Not only checks packets, but sessions / connections – based on user / password (e.g. first telnet to gateway, then telnet to the outside) – time of day • all traffic is disallowed, only validated sessions may transfer data • do not need to be aware of the protocol • cannot perform application-level filtering Internet Security 1 16

  17. Application Gateway • Application-level gateways interpret the particular application protocol being “proxied” – e.g. HTTP / FTP – need to know the application protocol details – need a different proxy for each protocol – can perform advanced filtering • Advantages – cheap – extensive logging possible – secure – internal network invisible – might cache requests and replies • Limits – scalability, performance bottleneck Internet Security 1 17

  18. De-Militarized Zone • DMZ – de-militarized zone – network area between two packet filters • external filter only allows traffic from outside • internal filter only allows traffic from inside – separates external and internal network – contains hosts that provide • external services (e.g. web server, DNS) and • application gateways for internal clients – when hosts are compromised • internal traffic cannot be sniffed • protection from internal packet filter Internet Security 1 18

  19. De-Militarized Zone 2 Subnet 1 Subnet 2 Web Server Internal network Mail Server Firewall Firewall Internet Security 1 19

  20. Intrusion Detection • Process of identifying and responding to malicious activities targeted against networks and its resources • System that performs intrusion detection is called Intrusion Detection System (IDS) – complements prevention techniques (e.g. firewalls) • defense mechanism behind outer barrier • works against insiders – important market for security companies (ISS, Cisco) Internet Security 1 20

  21. Intrusion Detection Techniques • Misuse-based – observed behavior is compared against description of known, undesirable behavior (signatures) – intrusion assumed when signature spotted in input data – comparable to virus scanner – all commercial systems follow this approach – Advantages • accurate reports (low false positive rate) – Disadvantages • needs continous update of signatures (like virus scanner) • unable of detecting novel intrusions Internet Security 1 21

  22. Intrusion Detection Techniques • Anomaly-based – behavior is compared against description of anticipated, legal behavior (profile) – intrusion assumed when deviation between input and profile significant – statistical methods, AI techniques (neural networks) – Advantages • capable of detecting novel attacks – Disadvantages • difficult to configure / train • high number of false alarms (incorrect detects) Internet Security 1 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin

Down the Black Hole: Dismantling Operational Practices of BGP Blackholing at IXPs Marcin Nawrocki, Jeremias Blendin, Christoph Dietzel, Thomas C. Schmidt, Matthias Whlisch Christmas is near!

1.15k views • 80 slides
COVID-19 Public Health Emergency (PHE) Telehealth: Operational Best Practices Not intended to

COVID-19 Public Health Emergency (PHE) Telehealth: Operational Best Practices Not intended to

COVID-19 Public Health Emergency (PHE) Telehealth: Operational Best Practices Not intended to constitute legal or medical advice. COVID-19 April 15, 2020 For educational purposes only. 1 Disclaimer The purpose of this presentation is to

349 views • 22 slides
AGA Peer Review AUDIT A Voluntary Safety & Operational Practices Program The Peer Review

AGA Peer Review AUDIT A Voluntary Safety & Operational Practices Program The Peer Review

2019 AGAs Peer Review Luke Litteken Senior Vice President, Gas Xcel Energy On Behalf of American Gas Association AGA Peer Review AUDIT A Voluntary Safety & Operational Practices Program The Peer Review Program gives member companies

413 views • 13 slides
Filter Bag Performance & Maintenance Best Practices May 2020 Presented by Lonnie Glen

Filter Bag Performance & Maintenance Best Practices May 2020 Presented by Lonnie Glen

Filter Bag Performance & Maintenance Best Practices May 2020 Presented by Lonnie Glen & Jeremy Rupp Key points today Bag cleaning system problem symptoms Best maintenance practices Key operational tips to increase

671 views • 66 slides
Practices of looking Practices of looking Introduction to practices of looking Discuss

Practices of looking Practices of looking Introduction to practices of looking Discuss

Practices of looking Practices of looking Introduction to practices of looking Discuss theories of representation Discuss the myth of the photographic truth (see sample response paper) Discuss facets of ideology

512 views • 33 slides
RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL

RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL

FACILITATION MEASURES FOR INTERNATIONAL RAILWAY TRANSPORT, AT RAILWAY BORDER CROSSINGS, AND ON TECHNICAL STANDARDS AND OPERATIONAL PRACTICES ALONG INTERNATIONAL CORRIDOR IN MONGOLIA December 2017, Astana, Kazakhstan Regional meeting on

553 views • 20 slides
AS OF MARCH 31, 2017 KEY MESSAGES & OPERATIONAL UPDATE KEY MESSAGES & OPERATIONAL UPDATE

AS OF MARCH 31, 2017 KEY MESSAGES & OPERATIONAL UPDATE KEY MESSAGES & OPERATIONAL UPDATE

FINANCIAL INFORMATION AS OF MARCH 31, 2017 KEY MESSAGES & OPERATIONAL UPDATE KEY MESSAGES & OPERATIONAL UPDATE KEY MESSAGES Q1 in line with expectations Sound performance of growth engines Solid operational cash flow generation, net

709 views • 15 slides
CONGESTION MANAGEMENT PRACTICES in the CHICAGO METROPOLITAN REGION Presentation Contents

CONGESTION MANAGEMENT PRACTICES in the CHICAGO METROPOLITAN REGION Presentation Contents

CONGESTION MANAGEMENT PRACTICES in the CHICAGO METROPOLITAN REGION Presentation Contents Congestion Causes Operational Solutions Traffic Signal Coordination Facility Limitations Message Boards Incidents Ramp Metering

701 views • 43 slides
Testing Hookpod-minis (results) Project objective: Test the operational effectiveness of

Testing Hookpod-minis (results) Project objective: Test the operational effectiveness of

Testing Hookpod-minis (results) Project objective: Test the operational effectiveness of hookpod-minis relative to current fishing practices in the New Zealand pelagic longline fishery. Presentation to CSP Technical Working Group 4661,

322 views • 20 slides
Operational Node Connectivity Description (OV-2) Operational Activity Decomposition (OV-5, Node

Operational Node Connectivity Description (OV-2) Operational Activity Decomposition (OV-5, Node

Operational Node Connectivity Description (OV-2) Operational Activity Decomposition (OV-5, Node Tree) Operational Activity Model (OV-5, A-0 diagram) Purpose: The purpose of BSF is to protect a high density urban environment against biological

126 views • 12 slides
Future Operational Environment The Operational Environment Enterprise DCS, G-2 TRADOC

Future Operational Environment The Operational Environment Enterprise DCS, G-2 TRADOC

The overall classification of this briefing is UNCLASSIFIED in its entirety. Future Operational Environment The Operational Environment Enterprise DCS, G-2 TRADOC Distribution A: Publicly Releasable Victory Starts Here!

370 views • 4 slides
Operational Risk What it is and how to reduce it Session Overview What is Operational Risk

Operational Risk What it is and how to reduce it Session Overview What is Operational Risk

Operational Risk What it is and how to reduce it Session Overview What is Operational Risk Common Risk Types and Categories What to Assess Most Overlooked Items Simplified Rating Risk and Reporting Mitigation Strategies

621 views • 35 slides
Operational Quality Improvement Operational Quality Improvement Designing Safe and Efficient

Operational Quality Improvement Operational Quality Improvement Designing Safe and Efficient

09/18/2012 Caroline LeGarde, Administrator, Johns Hopkins Department of Dermatology September 14, 2012 Operational Quality Improvement Operational Quality Improvement Designing Safe and Efficient Systems and Spaces Operational Quality Improvement

433 views • 24 slides
1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE

1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE

1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE RIGHT EXPECTATIONS Set the right tone Tell users what they can do and what to expect Is it more an open or a closed conversation? 3 Best Practices

925 views • 21 slides
Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why do we keep seeing these headlines? 1. The Meta Goal Can we devise changes to operational practices, or operational tools or routing technologies

572 views • 15 slides
Semantic Function Parsing s Denotational semantics operates on Notation

Semantic Function Parsing s Denotational semantics operates on Notation

Operational vs. denotational Operational semantics meaning of program defined by syntactic CS 611 transitions structural operational semantics: how to write a Advanced Programming Languages recursive-descent interpreter

265 views • 3 slides
Discourse BSc Artificial Intelligence, Spring 2011 Raquel Fernndez Institute for Logic,

Discourse BSc Artificial Intelligence, Spring 2011 Raquel Fernndez Institute for Logic,

Discourse BSc Artificial Intelligence, Spring 2011 Raquel Fernndez Institute for Logic, Language & Computation University of Amsterdam Raquel Fernndez Discourse BSc AI 2011 1 / 21 Plan for Today Discussion of HW#2 and

812 views • 21 slides
Generalized Pattern Matching Micro-Engine Yuanwei Fang*, Raihan Rasool , Dilip Vasudevan*,

Generalized Pattern Matching Micro-Engine Yuanwei Fang*, Raihan Rasool , Dilip Vasudevan*,

Generalized Pattern Matching Micro-Engine Yuanwei Fang*, Raihan Rasool , Dilip Vasudevan*, Andrew A. Chien* Argonne National Laboratory King Faisal University University of Chicago * Big Data Applications Deep Packet

275 views • 26 slides
Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many

Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many

Small is Beautiful: the design of Lua Roberto Ierusalimschy PUC-Rio Language design many tradeoffs similar to any other design process designers seldom talk about them what a language is not good for Typical tradeoffs

724 views • 49 slides
Monitoring Command-and-Control Channels with ccSpy Final Presentation Oliver Gasser

Monitoring Command-and-Control Channels with ccSpy Final Presentation Oliver Gasser

Monitoring Command-and-Control Channels with ccSpy Final Presentation Oliver Gasser Interdisciplinary Project Advisor: Lothar Braun Chair for Network Architectures and Services Faculty of Computer Science Technische Universit at M

1.02k views • 56 slides
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Baileys ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse? Virus?

470 views • 27 slides
DB ENCH -OLTP (2005) tpmC Baseline Performance $ Tf Performance With Faults $ tpmC Tf

DB ENCH -OLTP (2005) tpmC Baseline Performance $ Tf Performance With Faults $ tpmC Tf

7/23/18 B ENCHMARKING B ENCHMARKING THE S ECURITY OF S OFTWARE S YSTEMS OR TO BE NCHMARK OR NOT TO BE NCHMARK Assessing and comparing computer systems and/or components according to specific quality attributes Performance benchmarking QRS

378 views • 7 slides
Observing Internet Path Transparency to Support Protocol Engineering Brian Trammell

Observing Internet Path Transparency to Support Protocol Engineering Brian Trammell

Observing Internet Path Transparency to Support Protocol Engineering Brian Trammell <trammell@tik.ee.ethz.ch> Mirja Khlewind <mirja.kuehlewind@tik.ee.ethz.ch> IRTF & ISOC Workshop on Research and Applications of Internet

556 views • 4 slides
Vehicle to Pavement Passive Sensing for AV Lateral Position Detection Jeff Roesler, PhD, PE

Vehicle to Pavement Passive Sensing for AV Lateral Position Detection Jeff Roesler, PhD, PE

Vehicle to Pavement Passive Sensing for AV Lateral Position Detection Jeff Roesler, PhD, PE Sachindra Dahal, PhD Candidate Department of Civil and Environmental Engineering University of Illinois at Urbana Champaign September 29, 2020

474 views • 34 slides

More recommend