outline
play

Outline Basics of network security Network Security Definitions - PDF document

Oct 05, 2023 •437 likes •535 views

Outline Basics of network security Network Security Definitions CS 239 Sample attacks Computer Software Defense mechanisms March 1, 2004 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004 Some

  1. Outline • Basics of network security Network Security • Definitions CS 239 • Sample attacks Computer Software • Defense mechanisms March 1, 2004 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004 Some Important Network Degree of Locality Characteristics for Security • Some networks are very local • Degree of locality – E.g., an Ethernet • Media used – Only handles a small number of • Protocols used machines, mostly related ones • Other networks are very non-local – E.g., the Internet backbone – Vast numbers of users/sites share bandwidth Lecture 12 Lecture 12 Page 3 Page 4 CS 239, Winter 2004 CS 239, Winter 2004 Implications of Locality Network Media • Truly local networks may gain from • Some networks are wires or cables physical security • Other networks run over the telephone • Relative trustworthiness of all lines participants may help • Other networks are radio links to • Common interests of all on a local satellites network may be helpful, too • Other networks are broadcast radio • Wide area networks generally harder links Lecture 12 Lecture 12 Page 5 Page 6 CS 239, Winter 2004 CS 239, Winter 2004 1

  2. Implications of Media Type Protocol Types • TCP/IP is probably the most widespread • Wires can sometimes be physically – But it only specifies some common protected intermediate levels • Radio links generally can’t – Other protocols exist above and below it –Though power and technology • In places, other protocols replace TCP/IP requirements for satellite links may • And there are lots of supporting protocols provide some help – Routing protocols, naming and directory –Directional antennae can also help protocols, network management protocols – And security protocols (IPSec, ssh, ssl) Lecture 12 Lecture 12 Page 7 Page 8 CS 239, Winter 2004 CS 239, Winter 2004 Implications of Protocol Type Threats to Network Security • The protocol defines a set of rules that will • Pretty much the usual suspects: always be followed –Wiretapping – But usually not quite complete –Impersonation – And they assume everyone is at least trying to play by the rules –Message confidentiality – What if they don’t? –Message integrity • Specific attacks exist against specific –Denial of service protocols Lecture 12 Lecture 12 Page 9 Page 10 CS 239, Winter 2004 CS 239, Winter 2004 Why Are Networks Especially What Can Attackers Attack? Threatened? • Many “moving parts” • The media connecting the nodes • Many different administrative domains • Nodes that are connected to them • Everyone can get some access • Routers that control the traffic • In some cases, trivial for attacker to get • The protocols that set the rules for a foothold on the network communications • Networks encourage sharing • Networks often allow anonymity Lecture 12 Lecture 12 Page 11 Page 12 CS 239, Winter 2004 CS 239, Winter 2004 2

  3. Wiretapping Wiretapping on Wires • An obvious network vulnerability • Signals can be trapped at many points – But don’t forget, “wiretapping” is a • Actually tapping into some physical wires is general term possible • Not just networks are vulnerable • Other “wires” are broadcast media • Passive wiretapping is listening in illicitly – Packet sniffers can listen to all traffic on conversations • Subverted routers and gateways also offer • Active wiretapping is injecting traffic access illicitly Lecture 12 Lecture 12 Page 13 Page 14 CS 239, Winter 2004 CS 239, Winter 2004 Wiretapping on Wireless Impersonation • Often just a matter of putting an antenna up • A packet comes in over the network – Though position may matter a lot –With some source indicated in its – Generally not even detectable that it’s header happening • Often, the action to be taken with the – Directional antennae and frequency packet depends on the source hopping may add challenges • Active threats are easier to detect • But attackers may be able to create – And, for satellites, technically packets with false sources challenging Lecture 12 Lecture 12 Page 15 Page 16 CS 239, Winter 2004 CS 239, Winter 2004 Methods of Network Authentication to Foil Impersonations Impersonation • Even in standard protocols, often easy • Higher level protocols often require authentication of transmissions to change fields in a header –When created or later • Much care required to ensure proper authentication –E.g., IP allows forging “from” • And not having authentication underneath addresses can cause many problems • Existing networks have little or no • Authentication schemes are rarely perfect built-in authentication Lecture 12 Lecture 12 Page 17 Page 18 CS 239, Winter 2004 CS 239, Winter 2004 3

  4. Violations of Message Message Integrity Confidentiality • Other problems can cause messages to be • Even if the attacker can’t create the inappropriately divulged packets he wants, sometimes he can • Misdelivery can send a message to the alter proper packets wrong place • To change the effect of what they will – Clever attackers can make it happen do • Message can be read at an intermediate gateway or a router • Sometimes an intruder can get useful information just by traffic analysis Lecture 12 Lecture 12 Page 19 Page 20 CS 239, Winter 2004 CS 239, Winter 2004 Methods of Attacks on Message Denial of Service Integrity • Replacing part of a packet • Attacks that prevent legitimate users from doing their work • Changing headers to alter destination of a packet • By flooding the network –Or its source • Or corrupting routing tables • Inserting improper packets into a • Or flooding routers proper packet stream • Or destroying key packets Lecture 12 Lecture 12 Page 21 Page 22 CS 239, Winter 2004 CS 239, Winter 2004 How Do Denial of Service Some Sample Attacks Attacks Occur? • Basically, the attacker injects some form of • Smurf attacks traffic • SYN flood • Most current networks aren’t built to throttle uncooperative parties very well • Ping of Death • All-inclusive nature of the Internet makes basic access trivial • Universality of IP makes reaching most of the network easy Lecture 12 Lecture 12 Page 23 Page 24 CS 239, Winter 2004 CS 239, Winter 2004 4

  5. Smurf Attacks SYN Flood • Based on vulnerability in TCP • Attack on vulnerability in IP broadcasting • Send a ping packet to IP broadcast address • Attacker uses initial request/response – With forged “from” header of your target to start TCP session to fill a table at the server • Resulting in a flood of replies from the sources to the target • Preventing new real TCP sessions • Easy to fix at the intermediary • SYN cookies and firewalls with – Don’t allow IP broadcasts to originate massive tables are possible defenses outside your network • No good solutions for victim Lecture 12 Lecture 12 Page 25 Page 26 CS 239, Winter 2004 CS 239, Winter 2004 Normal SYN Behavior A SYN Flood SYN SYN SYN SYN SYN SYN/ACK SYN/ACK SYN/ACK SYN/ACK SYN/ACK ACK N Y S Server can’t Table of open Table of open fill request! TCP connections TCP connections Lecture 12 Lecture 12 Page 27 Page 28 CS 239, Winter 2004 CS 239, Winter 2004 SYN Cookies The Ping of Death SYN/ACK number is • IP packets are supposed to be no longer function of source than 65,535 bytes long information • Can improperly send longer IP packets • Some OS networking software wasn’t prepared for that N Y S K C A – Resulting in buffer overflows and crashes N / Y S K C A No room in the table, • Can filter out pings, but other IP packets can also cause problem so send back a SYN Recalculate cookie to cookie, instead • OS patches really solve the problem determine if proper response Lecture 12 Lecture 12 Page 29 Page 30 CS 239, Winter 2004 CS 239, Winter 2004 5

  6. Network Security Mechanisms Encryption for Network Security • Again, the usual suspects - • Relies on the kinds of encryption algorithms and protocols discussed –Encryption previously –Authentication • But network security tends to only –Access control worry about the data transport issues –Data integrity mechanisms • Which leads to an important question - –Traffic control Lecture 12 Lecture 12 Page 31 Page 32 CS 239, Winter 2004 CS 239, Winter 2004 Authentication for Network Access Control Security • Various entities need to be • When a node is put on a network, authenticated potentially all its resources become –Hosts to hosts available over the network –Users to hosts • How do we control who can access –Hosts to users resources? • Because of inherent insecurities of • And how? networks, cryptographic methods used Lecture 12 Lecture 12 Page 33 Page 34 CS 239, Winter 2004 CS 239, Winter 2004 Checksums, Secure Hashes, and Data Integrity Mechanisms Digital Signatures • Bad things can happen if attackers can • Checksums can tell us if the data has changed change data values – If the checksum hasn’t been altered –Either while in transit in the net • Secure hashes use cryptographic techniques – If the hash is protected –Or by remotely accessing a machine • Digital signatures provide full protection • How do we keep our data intact? – At full cryptographic costs Lecture 12 Lecture 12 Page 35 Page 36 CS 239, Winter 2004 CS 239, Winter 2004 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

An automatic mammogram system: from screening to diagnosis Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Pectoral muscle

589 views • 45 slides
Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in preparing for your presentation; this outline is required. Title: I. Introduction (The speech actually starts here.) A. Attention Getter:

479 views • 3 slides
PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline to organize your argument to create a logical flow of information and plan your presentation layout. This outline is worth a group grade (one copy

506 views • 3 slides
1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a line that is drawn around elements, OUTSIDE the borders, to make the element "stand out". CSS has the following outline properties:

1.76k views • 117 slides
Outline Outline Background of the Network Vision Vision Aims Activities

Outline Outline Background of the Network Vision Vision Aims Activities

Asia Pacific Adaptation Network (APAN)- A k A key regional Initiative i l I iti ti Puja Sawhney Coordinator, APAN , Institute for Global Environmental Strategies Thimpu, Bhutan p 16 th November, 2011 Outline Outline Background of the

441 views • 9 slides
When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters Yogesh K. Ramadass, AnanthaGroup Microsystems Technology Laboratory Outline Outline Outline Outline

507 views • 36 slides
Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR personal presentation so you can create it however you want. These are just suggestions to help you get started. The purpose is to educate your

618 views • 3 slides
Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

ZSim Tutorial MICRO 2015 S TATS AND C ONFIGURATION Core Models Po-An Tsai Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation techniques ZSim core structure I1D I1I Simple IPC 1 core

1.96k views • 120 slides
Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Modeling Intention in Email : Speech Acts, Information Leaks and User Ranking Methods p g Vitor R. Carvalho Carnegie Mellon University William Cohen Ramnath a at Tom Tom Jon Jon Balasubramanyan Mitchell Elsas Outline Outline

1.09k views • 65 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Periodicity Sear Periodicity Search of ch of the the Geming Geminga-lik -like Pulsar e Pulsars Lupin Chun-Che Lin () Institute of Astronomy, National Central University, Taiwan Outline : Outline : Our method to perform periodicity

654 views • 19 slides
Outline for St Outline for St Outline for

Outline for St Outline for St Outline for

Outline for St Outline for St Outline for St Outline for St Francis Participation Francis Participation Francis Participation Francis Participation St Francis Overview Current Work on

120 views • 10 slides
RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa RDFa RDFa RDFa RDFa: A collection of attributes and processing p g rules for extending XHTML to support RDF. HTML contains structured data,

768 views • 37 slides
Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This is a suggested outline only. Students should work closely with their Faculty Advisors to adapt this format the presentation to the needs of the

418 views • 4 slides
1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2010) (Spring 2010) (real-time in OpenGL, offline raytracer, animation) CS 184, Lecture 1: Overview and

176 views • 5 slides
Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

Sophak PHOEUN, National DRR Forum Coordinat or & Executive Assistant to Vice President of NCDM , National Committee for Disaster Management. Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &

346 views • 15 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 8 Denial of Service DD2395 Sonja Buchegger 1 Course Admin l WANTED: Student representatives for the

1.29k views • 37 slides
Erlang's Open Telecom Platform (OTP) Framework Steve Vinoski Architect, Basho Technologies

Erlang's Open Telecom Platform (OTP) Framework Steve Vinoski Architect, Basho Technologies

Erlang's Open Telecom Platform (OTP) Framework Steve Vinoski Architect, Basho Technologies Cambridge, MA USA vinoski@ieee.org @stevevinoski http://steve.vinoski.net 1 Monday, June 18, 12 1 Erlang 2 Monday, June 18, 12 2 Functional

2.15k views • 188 slides
Ch02. Constrained Optimization Ping Yu Faculty of Business and Economics The University of Hong

Ch02. Constrained Optimization Ping Yu Faculty of Business and Economics The University of Hong

Ch02. Constrained Optimization Ping Yu Faculty of Business and Economics The University of Hong Kong Ping Yu (HKU) Constrained Optimization 1 / 38 Equality-Constrained Optimization 1 Lagrange Multipliers Caveats and Extensions

537 views • 39 slides
Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS Directive EU Directive on security of Networks and Information Systems UK Consultation: (August/Sept 2017):

635 views • 28 slides
Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon,

Traffic Measurement Analysis & Robust Methods Modeling Anomaly Detection Traffic Classification Conclusion + Internet Traffic: Analysis, Modeling with real-world aspects Pierre B ORGNAT CNRS ENS Lyon, Laboratoire de Physique (UMR

716 views • 60 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio

A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio

Complex Systems A Simulation-Based Approach Current Prototype Conclusions A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio Telmon 1 Daniele Sgandurra 2 1 Dipartimento di Informatica, Universit` a

601 views • 29 slides
Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz` Capability Model (Xia, et al.) External Meta External ECA Model Model Capability sub-model Attack Mitigation Network Security

258 views • 15 slides

More recommend