Outline Brief introduction to networking CSci 5271 Announcements intermission Introduction to Computer Security Some classic network attacks Day 13: Network, etc., security overview Stephen McCamant Second half of course University of Minnesota, Computer Science & Engineering More Unix access control The Internet Layered model (OSI) 7. Application (HTTP) A bunch of computer networks 6. Presentation (MIME?) voluntarily interconnected 5. Session (SSL?) Capitalized because there’s really only one 4. Transport (TCP) No centralized network-level 3. Network (IP) management 2. Data-link (PPP) But technical collaboration, DNS, etc. 1. Physical (10BASE-T) Layered model: TCP/IP Packet wrapping
IP(v4) addressing IP and ICMP Internet Protocol (IP) forwards individual Interfaces (hosts or routers) identified packets by 32-bit addresses Written as four decimal bytes, e.g. Packets have source and destination 192.168.10.2 addresses, other options First ❦ bits identify network, ✸✷ ✲ ❦ Automatic fragmentation (usually host within network avoided) Can’t (anymore) tell ❦ from the bits ICMP (I Control Message P) adds We’ll run out any year now errors, ping packets, etc. UDP TCP User Datagram Protocol: thin wrapper Transmission Control Protocol: provides around IP reliable bidirectional stream abstraction Adds source and destination port Packets have sequence numbers, numbers (each 16-bit) acknowledged in order Still connectionless, unreliable Missed packets resent later OK for some small messages Flow and congestion control Routing Flow control: match speed to slowest Where do I send this packet next? link Table from address ranges to next hops “Window” limits number of packets sent Core Internet routers need big tables but not ACKed Maintained by complex, insecure, Congestion control: avoid traffic jams cooperative protocols Lost packets signal congestion Internet-level algorithm: BGP (Border Additive increase, multiplicative decrease Gateway Protocol) of rate
Below IP: ARP DNS Address Resolution Protocol maps IP Domain Name System: map more addresses to lower-level address memorable and stable string names to E.g., 48-bit Ethernet MAC address IP addresses Based on local-network broadcast Hierarchically administered namespace packets Like Unix paths, but backwards Complex Ethernets also need their own ✳❡❞✉ server delegates to ✳✉♠♥✳❡❞✉ routing (but called switches) server, etc. DNS caching and reverse DNS Classic application: remote login Killer app of early Internet: access To be practical, DNS requires caching supercomputers at another university Of positive and negative results Telnet: works cross-OS But, cache lifetime limited for freshness Send character stream, run regular login program Also, reverse IP to name mapping rlogin: BSD Unix Based on special top-level domain, IP Can authenticate based on trusting address written backwards computer connection comes from (Also rsh, rcp) Outline What about the midterm? Brief introduction to networking Announcements intermission Will be graded and handed back in class Monday Some classic network attacks Solutions might be posted a bit earlier Second half of course More Unix access control
Hands-on Assignment 1 Project meetings schedule Intended possibilities remaining in week 5: Next week, same time of week as first Format string vulnerability (exploited meeting twice) Unless we arrange otherwise ❣❡t ❧✐♥❡ buffer overflow (not exploited with new buffer size) Invitation/reminder emails out soon Negative time since modification? In class Monday: discussion of attacks Outline Packet sniffing Brief introduction to networking Watch other people’s traffic as it goes Announcements intermission by on network Easiest on: Some classic network attacks Old-style broadcast (thin, “hub”) Ethernet Wireless Second half of course Or if you own the router More Unix access control Forging packet sources TCP spoofing Forging source address only lets you talk, not listen Source IP address not involved in Old attack: wait until connection routing, often not checked established, then DoS one participant Change it to something else! and send packets in their place Might already be enough to fool a naive Frustrated by making TCP initial UDP protocol sequence numbers unpredictable But see Oakland’12, WOOT’12 for fancier attacks, keyword “off-path”
ARP spoofing rlogin and reverse DNS rlogin uses reverse DNS to see if originating host is on whitelist Impersonate other hosts on local network level How can you attack this mechanism with an honest source IP address? Typical ARP implementations stateless, don’t mind changes Now you get victim’s traffic, can read, modify, resend rlogin and reverse DNS Outline rlogin uses reverse DNS to see if Brief introduction to networking originating host is on whitelist Announcements intermission How can you attack this mechanism with an honest source IP address? Some classic network attacks Remember, ownership of reverse-DNS Second half of course is by IP address More Unix access control Cryptographic primitives Cryptographic protocols Core mathematical tools Sequence of messages and crypto Symmetric: block cipher, hash function, privileges for, e.g., key exchange MAC A lot can go wrong here, too Public-key: encryption, signature Also other ways security can fail even Some insights on how they work, but with a good crypto primitive concentrating on how to use them correctly
Crypto in Internet protocols Web security: server side Web software is privileged and How can we use crypto to secure processes untrusted data: what could network protocols go wrong? E.g., rsh ✦ ssh Shell script injection (Ex. 1) Challenges of getting the right public SQL injection keys Cross-site scripting (XSS) and related Fitting into existing usage ecosystems problems Web security: client side Security middleboxes Firewall: block traffic according to JavaScript security environment even security policy more tricky, complex NAT box: different original purpose, now More kinds of cross-site scripting de-facto firewall Possibilities for sandboxing IDS (Intrusion Detection System): recognize possible attacks Malware and network DoS Adding back privacy Every Internet packet has source and Attacks made possible by the network destination addresses on it Viruses, trojans, bot nets So how can network traffic be private Detection? or anonymous? Mitigation? Key technique: overlay a new network Distributed denial of service (DDoS) Examples: onion routing (Tor), anonymous remailing
Usability of security Electronic voting Challenging: hard versions of many hard problems: Prevent people from being the weakest Trust in software link Usability Simultaneously public and private Usability of authentication Some deployed systems arguably “Secure” web sites, phishing worse than paper Making decisions about mobile apps Can do better with crypto and systems approaches Electronic money (Bitcoin) Outline Brief introduction to networking Current payment systems have strong centralized trust Announcements intermission US Federal Reserve and mint Banks, PayPal Some classic network attacks Could they be replaced by a Second half of course peer-to-peer distributed system? Maybe More Unix access control “POSIX” ACLs ACL legacy interactions Hard problem: don’t break security of Based on a withdrawn standardization legacy code More flexible permissions, still fairly Suggests: “fail closed” Unix-like Contrary pressure: don’t want to break Multiple user and group entries functionality Decision still based on one entry Suggests: “fail open” Default ACLs: generalize group POSIX ACL design: old group inheritance permission bits are a mask on all novel Command line: ❣❡t❢❛❝❧ , s❡t❢❛❝❧ permissions
“POSIX” “capabilities” Privilege escalation dangers Many pieces of the root privilege are Divide root privilege into smaller ( ✘ 35) enough to regain the whole thing pieces Access to files as UID 0 Note: not real capabilities ❈❆P ❉❆❈ ❖❱❊❘❘■❉❊ First runtime only, then added to FS ❈❆P ❋❖❲◆❊❘ similar to setuid ❈❆P ❙❨❙ ▼❖❉❯▲❊ ❈❆P ▼❑◆❖❉ Motivating example: ♣✐♥❣ ❈❆P P❚❘❆❈❊ ❈❆P ❙❨❙ ❆❉▼■◆ ( ♠♦✉♥t ) Also allows permanent disabling Legacy interaction dangers Next time Former bug: take away capability to drop privileges Symmetric crypto primitives Use of temporary files by no-longer setuid programs For more details: “Exploiting capabilities”, Emeric Nasi
Recommend
More recommend
